漏洞修补列表
软件名称 |
软件版本 |
漏洞编号 |
CVE编号 |
实际CVSS得分 |
漏洞描述 |
解决版本 |
|---|---|---|---|---|---|---|
musl |
1.2.0 |
HWPSIRT-2020-34027 |
CVE-2020-28928 |
5.5 |
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). |
Kunpeng BoostKit 21.0.0 |
OpenSSL |
1.1.1k |
HWPSIRT-2021-89770 |
CVE-2021-3711 |
9.8 |
A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. |
Kunpeng BoostKit 21.0.0 |
OpenSSL |
1.1.1k |
HWPSIRT-2021-85906 |
CVE-2021-3712 |
7.4 |
If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). |
Kunpeng BoostKit 21.0.0 |