<< Back
CVE Number Vulnerability Product Severity Date
CVE-2021-3711 OpenSSL SM2 Decryption Buffer Overflow: Microsoft Visual Studio 2019 Critical 10-12-2021

Technical Information

Brief overview of the risk:

A buffer overflow vulnerability in OpenSSL which stems from an incorrect buffer size in OpenSSL’s SM2 function. An attacker could exploit this vulnerability to achieve remote code execution on the victim machine with the privilege of the OpenSSL service. The latest versions of Visual Studio Code are not vulnerable to this vulnerability.

Further information on this vulnerability is available at : CVE-2021-3711

Affected Software

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)