
Cloud Vulnerability DB
A community-led vulnerabilities database
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. A vulnerability was discovered where OpenSSL functions assume ASN1_STRING byte arrays will be NUL terminated, even though this is not guaranteed for directly constructed strings. This vulnerability affects OpenSSL versions 1.1.1k and below, as well as versions 1.0.2y and below (OpenSSL Advisory).
The vulnerability occurs because numerous OpenSSL functions that print ASN.1 data assume the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. When an application requests an ASN.1 structure to be printed, and that structure contains ASN1_STRINGs directly constructed without NUL terminating the 'data' field, a read buffer overrun can occur. This can also happen during name constraints processing of certificates and in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions (OpenSSL Advisory).
If successfully exploited, this vulnerability could result in a crash, causing a denial of service. It could also lead to the disclosure of private memory contents such as private keys or sensitive plaintext (OpenSSL Advisory).
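The following is an added illustration of the defect class described above, not code from OpenSSL or from this advisory: `asn1_string_like`, `naive_length` and `safe_to_cstr` are hypothetical stand-ins for a length-plus-pointer string and for a consumer that does or does not honour the length field. The backing buffer is constructed so that the bytes beyond `length` are still inside our own array, which makes the over-read observable without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an ASN.1 string (not OpenSSL's real layout):
 * a length field plus a data pointer. Nothing requires the data to be
 * followed by a NUL byte. */
typedef struct {
    int length;
    unsigned char *data;
} asn1_string_like;

/* Constructed sample memory: a directly built value of 20 bytes,
 * immediately followed by unrelated bytes (standing in for neighbouring
 * heap contents), and only then a NUL. */
static unsigned char backing[] = "example@test.invalid" "adjacent-bytes";
static asn1_string_like sample = { 20, backing };

/* The flawed assumption: treat 'data' as a C string. There is no NUL within
 * the first 'length' bytes, so strlen keeps reading into adjacent memory.
 * Here that memory is part of our own array, so the over-read is visible. */
size_t naive_length(const asn1_string_like *s)
{
    return strlen((const char *)s->data);
}

/* The length-respecting approach: copy exactly 'length' bytes and append
 * the terminator ourselves before handing the value to any C-string API.
 * Caller frees the result. */
char *safe_to_cstr(const asn1_string_like *s)
{
    char *out;
    if (s->length < 0) return NULL;
    out = malloc((size_t)s->length + 1);
    if (out == NULL) return NULL;
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return out;
}

int main(void)
{
    char *safe = safe_to_cstr(&sample);
    printf("length field: %d, strlen sees: %zu\n", sample.length, naive_length(&sample));
    printf("naive: %s\nsafe:  %s\n", (const char *)sample.data, safe);
    free(safe);
    return 0;
}
```

In a real process the bytes past `length` belong to whatever happens to sit next to the buffer, which is why the advisory lists both crashes and disclosure of private memory as outcomes.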
Users of OpenSSL versions 1.1.1k and below should upgrade to version 1.1.1l. Users of OpenSSL versions 1.0.2y and below should upgrade to version 1.0.2za if they have premium support, otherwise they should upgrade to version 1.1.1l. OpenSSL 1.0.2 is out of support and no longer receiving public updates (OpenSSL Advisory).
Multiple vendors and organizations issued advisories and patches for this vulnerability, including Oracle, Red Hat, Debian, and others. The vulnerability was initially reported by Ingo Schwarze, with additional instances discovered through subsequent analysis by David Benjamin and Matt Caswell (OpenSSL Advisory).
Source: This report was generated using AI