CVE-2021-3449

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS Metrics

• v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 9.86%• Percentile: 93%

Techniques & Countermeasures

• CWE-476•NULL Pointer Dereference

  The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

• Crates.Io•openssl-src

  < 111.15.0 | ≥ 0.0.0-0, < 111.15.0

• checkpoint•multi-domain_management_firmware

  r80.40 | r81

• checkpoint•quantum security gateway

  r80.40 | r81

• checkpoint•quantum security management

  r80.40 | r81

• debian•debian_linux

  9.0 | 10.0

• fedoraproject•fedora

  34

• freebsd•freebsd

  12.2 | 12.2:p1 | 12.2:p2

• mcafee•web_gateway

  8.2.19 | 9.2.10 | 10.1.1

• mcafee•web_gateway_cloud_service

  8.2.19 | 9.2.10 | 10.1.1

• netapp•active_iq_unified_manager

  na

• netapp•cloud_volumes_ontap_mediator

  na

• netapp•e-series_performance_analyzer

  na

• netapp•oncommand_insight

  na

• netapp•oncommand_workflow_automation

  na

• netapp•ontap_select_deploy_administration_utility

  na

• netapp•santricity_smi-s_provider

  na

• netapp•snapcenter

  na

• netapp•storagegrid

  na

• nodejs•node.js

  ≥ 10.0.0, ≤ 10.12.0 | ≥ 10.13.0, ≤ 10.24.0 | ≥ 12.0.0, ≤ 12.12.0 | ≥ 12.13.0, < 12.22.1 | ≥ 14.0.0, ≤ 14.14.0 | ≥ 14.15.0, < 14.16.1 | ≥ 15.0.0, < 15.14.0

• Unknown•OpenSSL

  ≥ 1.1.1, < 1.1.1k | Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)

• oracle•communications_communications_policy_management

  12.6.0.0.0

• oracle•enterprise_manager_for_storage_management

  13.4.0.0

• oracle•essbase

  21.2

• oracle•graalvm

  19.3.5 | 20.3.1.2 | 21.0.0.2

• oracle•jd_edwards_enterpriseone_tools

  < 9.2.6.0

• oracle•jd_edwards_world_security

  a9.4

• oracle•mysql_connectors

  ≤ 8.0.23

• oracle•mysql_server

  ≤ 5.7.33 | ≥ 8.0.15, ≤ 8.0.23

• oracle•mysql_workbench

  ≤ 8.0.23

• oracle•peoplesoft_enterprise_peopletools

  8.57 | 8.58 | 8.59

• oracle•primavera_unifier

  ≥ 17.7, ≤ 17.12 | 19.12 | 20.12 | 21.12

• oracle•secure_backup

  < 18.1.0.1.0

• oracle•secure_global_desktop

  5.6

• oracle•zfs_storage_appliance_kit

  8.8

• siemens•ruggedcom_rcm1224_firmware

  ≥ 6.2

• siemens•scalance_m-800_firmware

  ≥ 6.2

• siemens•scalance_s602

  ≥ 4.1

• siemens•scalance_s612

  ≥ 4.1

• siemens•scalance_s615_firmware

  ≥ 6.2

• siemens•scalance s623

  ≥ 4.1

• siemens•scalance s627-2m

  ≥ 4.1

• siemens•scalance_sc-600_firmware

  ≥ 2.0

• siemens•scalance_w1700_firmware

  ≥ 2.0

• siemens•scalance_w700_firmware

  ≥ 6.5

• siemens•scalance_xb-200_firmware

  < 4.3

• siemens•scalance_xc-200_firmware

  < 4.3

• siemens•scalance_xf-200ba_firmware

  < 4.3

• siemens•scalance_xm-400_firmware

  < 6.4

• siemens•scalance_xp-200_firmware

  < 4.3

• siemens•scalance xr-300wg

  < 4.3

Showing first 50 affected entries in server-rendered view.

References (38)

• https://www.openssl.org/news/secadv/20210325.txt
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
• https://www.debian.org/security/2021/dsa-4875
• http://www.openwall.com/lists/oss-security/2021/03/27/1
• http://www.openwall.com/lists/oss-security/2021/03/27/2
• http://www.openwall.com/lists/oss-security/2021/03/28/3
• http://www.openwall.com/lists/oss-security/2021/03/28/4
• https://security.gentoo.org/glsa/202103-03
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.tenable.com/security/tns-2021-10
• https://www.tenable.com/security/tns-2021-09
• https://security.netapp.com/advisory/ntap-20210513-0002/
• https://security.netapp.com/advisory/ntap-20210326-0006/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
• https://www.tenable.com/security/tns-2021-06
• https://www.tenable.com/security/tns-2021-05
• https://kc.mcafee.com/corporate/index?page=content&id=SB10356
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
• https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://security.netapp.com/advisory/ntap-20240621-0006/
• https://nvd.nist.gov/vuln/detail/CVE-2021-3449
• https://security.netapp.com/advisory/ntap-20210513-0002
• https://security.netapp.com/advisory/ntap-20210326-0006
• https://rustsec.org/advisories/RUSTSEC-2021-0055.html
• https://rustsec.org/advisories/RUSTSEC-2021-0055
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP
• https://github.com/alexcrichton/openssl-src-rs
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
• https://crates.io/crates/openssl-src