CVE - CVE-2021-3449

CVE-ID
CVE-2021-3449	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CISCO:20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021 URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf URL:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf URL:https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148 URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148 CONFIRM:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 URL:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10356 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10356 CONFIRM:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 CONFIRM:https://security.netapp.com/advisory/ntap-20210326-0006/ URL:https://security.netapp.com/advisory/ntap-20210326-0006/ CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ URL:https://security.netapp.com/advisory/ntap-20210513-0002/ CONFIRM:https://www.openssl.org/news/secadv/20210325.txt URL:https://www.openssl.org/news/secadv/20210325.txt CONFIRM:https://www.tenable.com/security/tns-2021-05 URL:https://www.tenable.com/security/tns-2021-05 CONFIRM:https://www.tenable.com/security/tns-2021-06 URL:https://www.tenable.com/security/tns-2021-06 CONFIRM:https://www.tenable.com/security/tns-2021-09 URL:https://www.tenable.com/security/tns-2021-09 CONFIRM:https://www.tenable.com/security/tns-2021-10 URL:https://www.tenable.com/security/tns-2021-10 DEBIAN:DSA-4875 URL:https://www.debian.org/security/2021/dsa-4875 FEDORA:FEDORA-2021-cbf14ab8f9 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ GENTOO:GLSA-202103-03 URL:https://security.gentoo.org/glsa/202103-03 MISC:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc MISC:https://www.oracle.com//security-alerts/cpujul2021.html URL:https://www.oracle.com//security-alerts/cpujul2021.html MISC:https://www.oracle.com/security-alerts/cpuApr2021.html URL:https://www.oracle.com/security-alerts/cpuApr2021.html MISC:https://www.oracle.com/security-alerts/cpuapr2022.html URL:https://www.oracle.com/security-alerts/cpuapr2022.html MISC:https://www.oracle.com/security-alerts/cpujul2022.html URL:https://www.oracle.com/security-alerts/cpujul2022.html MISC:https://www.oracle.com/security-alerts/cpuoct2021.html URL:https://www.oracle.com/security-alerts/cpuoct2021.html MLIST:[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update URL:https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html MLIST:[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing URL:http://www.openwall.com/lists/oss-security/2021/03/27/1 MLIST:[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing URL:http://www.openwall.com/lists/oss-security/2021/03/27/2 MLIST:[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing URL:http://www.openwall.com/lists/oss-security/2021/03/28/3 MLIST:[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing URL:http://www.openwall.com/lists/oss-security/2021/03/28/4
Assigning CNA
OpenSSL Software Foundation
Date Record Created
20210317	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210317)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)