CVE-2021-3449

MEDIUM

Openssl < 1.1.1k - NULL Pointer Dereference

Title source: rule

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Exploits (2)

nomisec WORKING POC 224 stars

by riptl · poc

https://github.com/riptl/cve-2021-3449

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/terorie/cve-2021-3449

View Code ZIP pw:eip

References (29)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/03/27/1

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/03/27/2

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/03/28/3

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/03/28/4

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

[Patch, Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

[Vendor Advisory] https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148

[Third Party Advisory] https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845

[Third Party Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10356

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

[Third Party Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013

[Third Party Advisory] https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc

[Third Party Advisory] https://security.gentoo.org/glsa/202103-03

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210326-0006/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210513-0002/

[Third Party Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd

[Third Party Advisory] https://www.debian.org/security/2021/dsa-4875

[Vendor Advisory] https://www.openssl.org/news/secadv/20210325.txt

[Patch, Third Party Advisory] https://www.oracle.com//security-alerts/cpujul2021.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

... and 9 more

Scores

CVSS v3 5.9

EPSS 0.0986

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (48)

checkpoint/multi-domain_management_firmware r80.40

checkpoint/multi-domain_management_firmware r81

checkpoint/quantum_security_gateway_firmware r80.40

checkpoint/quantum_security_gateway_firmware r81

checkpoint/quantum_security_management_firmware r80.40

checkpoint/quantum_security_management_firmware r81

crates.io/openssl-src 0 - 111.15.0crates.io

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 34

... and 38 more

Published Mar 25, 2021

Tracked Since Feb 18, 2026