CVE-2021-3449

MEDIUM

Openssl < 1.1.1k - NULL Pointer Dereference

Title source: rule

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Exploits (2)

nomisec WORKING POC 224 stars
by riptl · poc
https://github.com/riptl/cve-2021-3449
inthewild WORKING POC
poc
https://github.com/terorie/cve-2021-3449

References (29)

... and 9 more

Scores

CVSS v3 5.9
EPSS 0.0836
EPSS Percentile 92.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-476
Status published

Affected Products (50)

tenable/nessus < 8.13.1
openssl/openssl < 1.1.1k
debian/debian_linux
debian/debian_linux
freebsd/freebsd
freebsd/freebsd
freebsd/freebsd
netapp/active_iq_unified_manager
netapp/cloud_volumes_ontap_mediator
netapp/e-series_performance_analyzer
netapp/oncommand_insight
netapp/oncommand_workflow_automation
netapp/ontap_select_deploy_administration_utility
netapp/santricity_smi-s_provider
netapp/snapcenter
... and 35 more

Timeline

Published Mar 25, 2021
Tracked Since Feb 18, 2026