CVE-2021-3449

CVE Database · CVE-2021-3449

CVE-2021-3449

· MEDIUMModified

CVSS v3.1

5.9

EPSS

63.54%

Published

Mar 25, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-476

Affected Products (205)

openssl · openssl (up to 1.1.1k)vulnerable

debian · debian_linuxvulnerable

freebsd · freebsdvulnerable

netapp · active_iq_unified_managervulnerable

netapp · cloud_volumes_ontap_mediatorvulnerable

netapp · e-series_performance_analyzervulnerable

netapp · oncommand_insightvulnerable

References (20)

http://www.openwall.com/lists/oss-security/2021/03/27/1

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/27/2

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/28/3

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/28/4

Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

KEV Catalog EPSS Scores Vendors All CVEs

netapp · oncommand_workflow_automationvulnerable

netapp · ontap_select_deploy_administration_utilityvulnerable

netapp · santricity_smi-s_providervulnerable

netapp · snapcentervulnerable

netapp · storagegridvulnerable

tenable · log_correlation_engine (up to 6.0.9)vulnerable

tenable · nessusvulnerable

tenable · nessus_network_monitorvulnerable

tenable · tenable.scvulnerable

fedoraproject · fedoravulnerable

mcafee · web_gatewayvulnerable

mcafee · web_gateway_cloud_servicevulnerable

checkpoint · quantum_security_management_firmwarevulnerable

checkpoint · quantum_security_management

checkpoint · multi-domain_management_firmwarevulnerable

checkpoint · multi-domain_management

checkpoint · quantum_security_gateway_firmwarevulnerable

checkpoint · quantum_security_gateway

oracle · communications_communications_policy_managementvulnerable

oracle · enterprise_manager_for_storage_managementvulnerable

oracle · essbasevulnerable

oracle · graalvmvulnerable

oracle · jd_edwards_enterpriseone_tools (up to 9.2.6.0)vulnerable

oracle · jd_edwards_world_securityvulnerable

oracle · mysql_connectorsvulnerable

oracle · mysql_servervulnerable

PatchThird Party Advisory