Summary
A bug in the SM2 decryption code can cause a buffer overflow when the application calls EVP_PKEY_decrypt() with a smaller buffer size. This could lead to malicious attackers altering the contents of other data, potentially changing application behavior or causing a crash. The buffer location is application-dependent.
Please see the full security advisory article here for more details and updates.
