Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Published: 2021-03-25
Score: 5.9 Medium
EPSS: 8.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-2751-1 postgresql-9.6 security update
Debian DSA Debian DSA DSA-4875-1 openssl security update
EUVD EUVD EUVD-2021-1628 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Github GHSA Github GHSA GHSA-83mx-573x-5rw9 openssl-src NULL pointer Dereference in signature_algorithms processing
Ubuntu USN Ubuntu USN USN-4891-1 OpenSSL vulnerability
Ubuntu USN Ubuntu USN USN-5038-1 PostgreSQL vulnerabilities
References
Link Providers
http://www.openwall.com/lists/oss-security/2021/03/27/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2021/03/27/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2021/03/28/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2021/03/28/4 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf cve-icon cve-icon
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 cve-icon cve-icon
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10356 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-3449 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 cve-icon cve-icon
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc cve-icon cve-icon
https://security.gentoo.org/glsa/202103-03 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20210326-0006/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20210513-0002/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20240621-0006/ cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-3449 cve-icon
https://www.debian.org/security/2021/dsa-4875 cve-icon cve-icon
https://www.openssl.org/news/secadv/20210325.txt cve-icon cve-icon cve-icon
https://www.oracle.com//security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuApr2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2021.html cve-icon cve-icon
https://www.tenable.com/security/tns-2021-05 cve-icon cve-icon
https://www.tenable.com/security/tns-2021-06 cve-icon cve-icon
https://www.tenable.com/security/tns-2021-09 cve-icon cve-icon
https://www.tenable.com/security/tns-2021-10 cve-icon cve-icon
History

No history.

Subscriptions

Checkpoint Multi-domain Management Multi-domain Management Firmware Quantum Security Gateway Quantum Security Gateway Firmware Quantum Security Management Quantum Security Management Firmware
Debian Debian Linux
Fedoraproject Fedora
Freebsd Freebsd
Mcafee Web Gateway Web Gateway Cloud Service
Netapp Active Iq Unified Manager Cloud Volumes Ontap Mediator E-series Performance Analyzer Oncommand Insight Oncommand Workflow Automation Ontap Select Deploy Administration Utility Santricity Smi-s Provider Snapcenter Storagegrid
Nodejs Node.js
Openssl Openssl
Oracle Communications Communications Policy Management Enterprise Manager For Storage Management Essbase Graalvm Jd Edwards Enterpriseone Tools Jd Edwards World Security Mysql Connectors Mysql Server Mysql Workbench Peoplesoft Enterprise Peopletools Primavera Unifier Secure Backup Secure Global Desktop Zfs Storage Appliance Kit
Redhat Enterprise Linux Jboss Core Services Jboss Enterprise Web Server Rhel Eus Rhev Hypervisor
Siemens Ruggedcom Rcm1224 Ruggedcom Rcm1224 Firmware Scalance Lpe9403 Scalance Lpe9403 Firmware Scalance M-800 Scalance M-800 Firmware Scalance S602 Scalance S602 Firmware Scalance S612 Scalance S612 Firmware Scalance S615 Scalance S615 Firmware Scalance S623 Scalance S623 Firmware Scalance S627-2m Scalance S627-2m Firmware Scalance Sc-600 Scalance Sc-600 Firmware Scalance W1700 Scalance W1700 Firmware Scalance W700 Scalance W700 Firmware Scalance Xb-200 Scalance Xb-200 Firmware Scalance Xc-200 Scalance Xc-200 Firmware Scalance Xf-200ba Scalance Xf-200ba Firmware Scalance Xm-400 Scalance Xm-400 Firmware Scalance Xp-200 Scalance Xp-200 Firmware Scalance Xr-300wg Scalance Xr-300wg Firmware Scalance Xr524-8c Scalance Xr524-8c Firmware Scalance Xr526-8c Scalance Xr526-8c Firmware Scalance Xr528-6m Scalance Xr528-6m Firmware Scalance Xr552-12 Scalance Xr552-12 Firmware Simatic Cloud Connect 7 Simatic Cloud Connect 7 Firmware Simatic Cp 1242-7 Gprs V2 Simatic Cp 1242-7 Gprs V2 Firmware Simatic Hmi Basic Panels 2nd Generation Simatic Hmi Basic Panels 2nd Generation Firmware Simatic Hmi Comfort Outdoor Panels Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Simatic Hmi Ktp Mobile Panels Firmware Simatic Logon Simatic Mv500 Simatic Mv500 Firmware Simatic Net Cp1243-7 Lte Eu Simatic Net Cp1243-7 Lte Eu Firmware Simatic Net Cp1243-7 Lte Us Simatic Net Cp1243-7 Lte Us Firmware Simatic Net Cp 1243-1 Simatic Net Cp 1243-1 Firmware Simatic Net Cp 1243-8 Irc Simatic Net Cp 1243-8 Irc Firmware Simatic Net Cp 1542sp-1 Irc Simatic Net Cp 1542sp-1 Irc Firmware Simatic Net Cp 1543-1 Simatic Net Cp 1543-1 Firmware Simatic Net Cp 1543sp-1 Simatic Net Cp 1543sp-1 Firmware Simatic Net Cp 1545-1 Simatic Net Cp 1545-1 Firmware Simatic Pcs 7 Telecontrol Simatic Pcs 7 Telecontrol Firmware Simatic Pcs Neo Simatic Pcs Neo Firmware Simatic Pdm Simatic Pdm Firmware Simatic Process Historian Opc Ua Server Simatic Process Historian Opc Ua Server Firmware Simatic Rf166c Simatic Rf166c Firmware Simatic Rf185c Simatic Rf185c Firmware Simatic Rf186c Simatic Rf186c Firmware Simatic Rf186ci Simatic Rf186ci Firmware Simatic Rf188c Simatic Rf188c Firmware Simatic Rf188ci Simatic Rf188ci Firmware Simatic Rf360r Simatic Rf360r Firmware Simatic S7-1200 Cpu 1211c Simatic S7-1200 Cpu 1211c Firmware Simatic S7-1200 Cpu 1212c Simatic S7-1200 Cpu 1212c Firmware Simatic S7-1200 Cpu 1212fc Simatic S7-1200 Cpu 1212fc Firmware Simatic S7-1200 Cpu 1214 Fc Simatic S7-1200 Cpu 1214 Fc Firmware Simatic S7-1200 Cpu 1214c Simatic S7-1200 Cpu 1214c Firmware Simatic S7-1200 Cpu 1215 Fc Simatic S7-1200 Cpu 1215 Fc Firmware Simatic S7-1200 Cpu 1215c Simatic S7-1200 Cpu 1215c Firmware Simatic S7-1200 Cpu 1217c Simatic S7-1200 Cpu 1217c Firmware Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp Firmware Simatic Wincc Runtime Advanced Simatic Wincc Telecontrol Sinamics Connect 300 Sinamics Connect 300 Firmware Sinec Infrastructure Network Services Sinec Nms Sinec Pni Sinema Server Sinumerik Opc Ua Server Tia Administrator Tim 1531 Irc Tim 1531 Irc Firmware
Sonicwall Capture Client Sma100 Sma100 Firmware Sonicos
Tenable Log Correlation Engine Nessus Nessus Network Monitor Tenable.sc
cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published:

Updated: 2024-09-17T03:43:55.497Z

Reserved: 2021-03-17T00:00:00.000Z

Link: CVE-2021-3449

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-25T15:15:13.450

Modified: 2024-11-21T06:21:33.050

Link: CVE-2021-3449

cve-icon Redhat

Severity : Important

Publid Date: 2021-03-25T00:00:00Z

Links: CVE-2021-3449 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses