OPENSUSE-SU-2021:0476-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2021-3449

Published: 25 Mar 2021, 22:06

Last modified:04 Feb 2026, 03:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Mar 2021, 22:06

Published

Vulnerability first disclosed

04 Feb 2026, 03:34

Last Modified

Vulnerability information updated

Description

Security update for openssl-1_1 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] This update was imported from the SUSE:SLE-15-SP2:Update update project.

Affected Systems

opensuse•openssl-1_1&distro=openSUSE Leap 15.2
< 1.1.1d-lp152.7.15.1

OPENSUSE-SU-2021:0476-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)