CVE-2021-3449

MEDIUM

Openssl < 1.1.1k - NULL Pointer Dereference

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-3449. PoCs published by riptl.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2021-3449, a NULL pointer dereference vulnerability in OpenSSL versions prior to 1.1.1k. The exploit triggers a Denial-of-Service (DoS) by sending a maliciously crafted ClientHello during TLSv1.2 secure renegotiation.

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Exploits (2)

nomisec WORKING POC 224 stars
by riptl · poc
https://github.com/riptl/cve-2021-3449

This repository contains a functional proof-of-concept exploit for CVE-2021-3449, a NULL pointer dereference vulnerability in OpenSSL versions prior to 1.1.1k. The exploit triggers a Denial-of-Service (DoS) by sending a maliciously crafted ClientHello during TLSv1.2 secure renegotiation.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL <1.1.1k
No auth needed
Prerequisites: TLSv1.2 server with secure renegotiation enabled · Vulnerable OpenSSL version (<1.1.1k)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/terorie/cve-2021-3449

This repository contains a functional proof-of-concept exploit for CVE-2021-3449, a NULL pointer dereference vulnerability in OpenSSL versions prior to 1.1.1k. The exploit triggers a DoS by sending a maliciously crafted ClientHello during TLS renegotiation.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL <1.1.1k
No auth needed
Prerequisites: TLSv1.2 server with secure renegotiation enabled · Vulnerable OpenSSL version (<1.1.1k)
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (29)

Core 29
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4875
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/03/27/1
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/03/27/2
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/03/28/3
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/03/28/4
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202103-03
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

Scores

CVSS v3 5.9
EPSS 0.0986
EPSS Percentile 93.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (48)
checkpoint/multi-domain_management_firmware r80.40
checkpoint/multi-domain_management_firmware r81
checkpoint/quantum_security_gateway_firmware r80.40
checkpoint/quantum_security_gateway_firmware r81
checkpoint/quantum_security_management_firmware r80.40
checkpoint/quantum_security_management_firmware r81
crates.io/openssl-src 0 - 111.15.0crates.io
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 34
... and 38 more
Published Mar 25, 2021
Tracked Since Feb 18, 2026