| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2021-3711 | OpenSSL SM2 Decryption Buffer Overflow: | Microsoft Visual Studio 2019 | Critical | 10-12-2021 |
Technical Information
Brief overview of the risk:
A buffer overflow vulnerability in OpenSSL which stems from an incorrect buffer size in OpenSSL’s SM2 function. An attacker could exploit this vulnerability to achieve remote code execution on the victim machine with the privilege of the OpenSSL service. The latest versions of Visual Studio Code are not vulnerable to this vulnerability.
Further information on this vulnerability is available at : CVE-2021-3711
Affected Software
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)