An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Project Subscriptions
| Vendors | Products |
|---|---|
| Checkpoint | |
| Debian | Debian Linux |
| Fedoraproject | Fedora |
| Freebsd | Freebsd |
| Mcafee | |
| Netapp | Active Iq Unified Manager, Cloud Volumes Ontap Mediator, E-series Performance Analyzer, Oncommand Insight, Oncommand Workflow Automation, Ontap Select Deploy Administration Utility, Santricity Smi-s Provider, Snapcenter, Storagegrid |
| Nodejs | Node.js |
| Openssl | Openssl |
| Oracle | Communications Communications Policy Management, Enterprise Manager For Storage Management, Essbase, Graalvm, Jd Edwards Enterpriseone Tools, Jd Edwards World Security, Mysql Connectors, Mysql Server, Mysql Workbench, Peoplesoft Enterprise Peopletools, Primavera Unifier, Secure Backup, Secure Global Desktop, Zfs Storage Appliance Kit |
| Redhat | |
| Siemens | Ruggedcom Rcm1224, Ruggedcom Rcm1224 Firmware, Scalance Lpe9403, Scalance Lpe9403 Firmware, Scalance M-800, Scalance M-800 Firmware, Scalance S602, Scalance S602 Firmware, Scalance S612, Scalance S612 Firmware, Scalance S615, Scalance S615 Firmware, Scalance S623, Scalance S623 Firmware, Scalance S627-2m, Scalance S627-2m Firmware, Scalance Sc-600, Scalance Sc-600 Firmware, Scalance W1700, Scalance W1700 Firmware, Scalance W700, Scalance W700 Firmware, Scalance Xb-200, Scalance Xb-200 Firmware, Scalance Xc-200, Scalance Xc-200 Firmware, Scalance Xf-200ba, Scalance Xf-200ba Firmware, Scalance Xm-400, Scalance Xm-400 Firmware, Scalance Xp-200, Scalance Xp-200 Firmware, Scalance Xr-300wg, Scalance Xr-300wg Firmware, Scalance Xr524-8c, Scalance Xr524-8c Firmware, Scalance Xr526-8c, Scalance Xr526-8c Firmware, Scalance Xr528-6m, Scalance Xr528-6m Firmware, Scalance Xr552-12, Scalance Xr552-12 Firmware, Simatic Cloud Connect 7, Simatic Cloud Connect 7 Firmware, Simatic Cp 1242-7 Gprs V2, Simatic Cp 1242-7 Gprs V2 Firmware, Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Ktp Mobile Panels, Simatic Hmi Ktp Mobile Panels Firmware, Simatic Logon, Simatic Mv500, Simatic Mv500 Firmware, Simatic Net Cp1243-7 Lte Eu, Simatic Net Cp1243-7 Lte Eu Firmware, Simatic Net Cp1243-7 Lte Us, Simatic Net Cp1243-7 Lte Us Firmware, Simatic Net Cp 1243-1, Simatic Net Cp 1243-1 Firmware, Simatic Net Cp 1243-8 Irc, Simatic Net Cp 1243-8 Irc Firmware, Simatic Net Cp 1542sp-1 Irc, Simatic Net Cp 1542sp-1 Irc Firmware, Simatic Net Cp 1543-1, Simatic Net Cp 1543-1 Firmware, Simatic Net Cp 1543sp-1, Simatic Net Cp 1543sp-1 Firmware, Simatic Net Cp 1545-1, Simatic Net Cp 1545-1 Firmware, Simatic Pcs 7 Telecontrol, Simatic Pcs 7 Telecontrol Firmware, Simatic Pcs Neo, Simatic Pcs Neo Firmware, Simatic Pdm, Simatic Pdm Firmware, Simatic Process Historian Opc Ua Server, Simatic Process Historian Opc Ua Server Firmware, Simatic Rf166c, Simatic Rf166c Firmware, Simatic Rf185c, Simatic Rf185c Firmware, Simatic Rf186c, Simatic Rf186c Firmware, Simatic Rf186ci, Simatic Rf186ci Firmware, Simatic Rf188c, Simatic Rf188c Firmware, Simatic Rf188ci, Simatic Rf188ci Firmware, Simatic Rf360r, Simatic Rf360r Firmware, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware, Simatic S7-1200 Cpu 1212c, Simatic S7-1200 Cpu 1212c Firmware, Simatic S7-1200 Cpu 1212fc, Simatic S7-1200 Cpu 1212fc Firmware, Simatic S7-1200 Cpu 1214 Fc, Simatic S7-1200 Cpu 1214 Fc Firmware, Simatic S7-1200 Cpu 1214c, Simatic S7-1200 Cpu 1214c Firmware, Simatic S7-1200 Cpu 1215 Fc, Simatic S7-1200 Cpu 1215 Fc Firmware, Simatic S7-1200 Cpu 1215c, Simatic S7-1200 Cpu 1215c Firmware, Simatic S7-1200 Cpu 1217c, Simatic S7-1200 Cpu 1217c Firmware, Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp, Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp Firmware, Simatic Wincc Runtime Advanced, Simatic Wincc Telecontrol, Sinamics Connect 300, Sinamics Connect 300 Firmware, Sinec Infrastructure Network Services, Sinec Nms, Sinec Pni, Sinema Server, Sinumerik Opc Ua Server, Tia Administrator, Tim 1531 Irc, Tim 1531 Irc Firmware |
| Sonicwall | |
| Tenable | |
Advisories
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-2751-1 | postgresql-9.6 security update |
| Debian DSA | DSA-4875-1 | openssl security update |
| EUVD | EUVD-2021-1628 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |
| Github GHSA | GHSA-83mx-573x-5rw9 | openssl-src NULL pointer Dereference in signature_algorithms processing |
| Ubuntu USN | USN-4891-1 | OpenSSL vulnerability |
| Ubuntu USN | USN-5038-1 | PostgreSQL vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
No history.
Status: PUBLISHED
Assigner: openssl
Published:
Updated: 2024-09-17T03:43:55.497Z
Reserved: 2021-03-17T00:00:00
Link: CVE-2021-3449
Status : Modified
Published: 2021-03-25T15:15:13.450
Modified: 2024-11-21T06:21:33.050
Link: CVE-2021-3449