CVE-2021-3449

 

Published at: - 25-03-2021 04:15

Last modified: - 15-10-2022 12:00

Total changes: - 33

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
• https://www.openssl.org/news/secadv/20210325.txt
• 20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021-Third Party Advisory
• DSA-4875-Third Party Advisory
• https://security.netapp.com/advisory/ntap-20210326-0006/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
• [oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing-Mailing List, Third Party Advisory
• [oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing-Mailing List, Third Party Advisory
• [oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing-Mailing List, Third Party Advisory
• [oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing-Mailing List, Third Party Advisory
• GLSA-202103-03-Third Party Advisory
• https://www.tenable.com/security/tns-2021-06
• https://www.tenable.com/security/tns-2021-05
• FEDORA-2021-cbf14ab8f9-Mailing List, Third Party Advisory
• https://kc.mcafee.com/corporate/index?page=content&id=SB10356
• https://www.tenable.com/security/tns-2021-09
• https://security.netapp.com/advisory/ntap-20210513-0002/
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
• N/A-Patch, Third Party Advisory
• [debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update-Mailing List, Third Party Advisory
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
• https://www.oracle.com/security-alerts/cpuapr2022.html
• N/A-Third Party Advisory

 

Keywords

NVD

 

CVE-2021-3449

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures