QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3449

Published: Mar 25, 2021

Modified: Sep 17, 2024

PUBLISHED

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Vendor	Product	Versions
OpenSSL	OpenSSL	affected `Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)`

References

https://www.openssl.org/news/secadv/20210325.txt

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148

20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021

vendor-advisory

vendor-advisory

[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing

mailing-list

[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing

mailing-list

[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing

mailing-list

[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing

mailing-list

vendor-advisory

FEDORA-2021-cbf14ab8f9

vendor-advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.tenable.com/security/tns-2021-10

https://www.tenable.com/security/tns-2021-09

https://security.netapp.com/advisory/ntap-20210513-0002/

https://security.netapp.com/advisory/ntap-20210326-0006/

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc

https://www.tenable.com/security/tns-2021-06

https://www.tenable.com/security/tns-2021-05

https://kc.mcafee.com/corporate/index?page=content&id=SB10356

https://www.oracle.com//security-alerts/cpujul2021.html

https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013

[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update

mailing-list

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

https://www.oracle.com/security-alerts/cpujul2022.html

https://security.netapp.com/advisory/ntap-20240621-0006/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.