According to the OpenSSL team's description, a malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash.
We have included the fix for this vulnerability in NRSW version 4.5.0.106.
Further information:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711