CVE-2021-3449

Name
CVE-2021-3449
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
Vendor Advisory https://www.openssl.org/news/secadv/20210325.txt
Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
Third Party Advisory https://www.debian.org/security/2021/dsa-4875
Third Party Advisory https://security.netapp.com/advisory/ntap-20210326-0006/
Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
Mailing List http://www.openwall.com/lists/oss-security/2021/03/27/1
Mailing List http://www.openwall.com/lists/oss-security/2021/03/27/2
Mailing List http://www.openwall.com/lists/oss-security/2021/03/28/3
Mailing List http://www.openwall.com/lists/oss-security/2021/03/28/4
Third Party Advisory https://security.gentoo.org/glsa/202103-03
Third Party Advisory https://www.tenable.com/security/tns-2021-06
Third Party Advisory https://www.tenable.com/security/tns-2021-05
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10356
CONFIRM https://www.tenable.com/security/tns-2021-09
CONFIRM https://security.netapp.com/advisory/ntap-20210513-0002/
CONFIRM https://www.tenable.com/security/tns-2021-10
MISC https://www.oracle.com/security-alerts/cpuApr2021.html
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Third Party Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
Third Party Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
Patch https://www.oracle.com//security-alerts/cpujul2021.html
Mailing List https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
MISC https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
MISC https://www.oracle.com/security-alerts/cpuapr2022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* openssl >= 1.1.1 < 1.1.1k

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openssl 3.10-main 1.1.1k-r0 Timo Teras <timo.teras@iki.fi> fixed