CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Published: Mar 25, 2021
Updated: Nov 8, 2023
CVE: CVE-2021-3449
GHSA: GHSA-83mx-573x-5rw9
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
openssl / openssl	1.1.1	1.1.1k
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
freebsd / freebsd	12.2-p1	12.2-p1.x
freebsd / freebsd	12.2-p2	12.2-p2.x
freebsd / freebsd	12.2	12.2.x
tenable / tenable.sc	5.13.0	5.17.0.x
tenable / nessus	-	8.13.1.x
tenable / nessus_network_monitor	5.11.1	5.11.1.x
tenable / nessus_network_monitor	5.12.0	5.12.0.x
tenable / nessus_network_monitor	5.12.1	5.12.1.x
tenable / nessus_network_monitor	5.13.0	5.13.0.x
tenable / nessus_network_monitor	5.11.0	5.11.0.x
tenable / log_correlation_engine	-	6.0.9
fedoraproject / fedora	34	34.x
mcafee / web_gateway_cloud_service	10.1.1	10.1.1.x
mcafee / web_gateway_cloud_service	9.2.10	9.2.10.x
mcafee / web_gateway_cloud_service	8.2.19	8.2.19.x
mcafee / web_gateway	10.1.1	10.1.1.x
mcafee / web_gateway	9.2.10	9.2.10.x
mcafee / web_gateway	8.2.19	8.2.19.x
checkpoint / quantum_security_management_firmware	r80.40	r80.40.x
checkpoint / quantum_security_management_firmware	r81	r81.x
checkpoint / multi-domain_management_firmware	r80.40	r80.40.x
checkpoint / multi-domain_management_firmware	r81	r81.x
checkpoint / quantum_security_gateway_firmware	r80.40	r80.40.x
checkpoint / quantum_security_gateway_firmware	r81	r81.x
oracle / peoplesoft_enterprise_peopletools	8.57	8.57.x
oracle / jd_edwards_world_security	a9.4	a9.4.x
oracle / primavera_unifier	17.7	17.12.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / primavera_unifier	19.12	19.12.x
oracle / enterprise_manager_for_storage_management	13.4.0.0	13.4.0.0.x
oracle / primavera_unifier	20.12	20.12.x
oracle / zfs_storage_appliance_kit	8.8	8.8.x
oracle / secure_global_desktop	5.6	5.6.x
oracle / graalvm	20.3.1.2	20.3.1.2.x
oracle / graalvm	21.0.0.2	21.0.0.2.x
oracle / graalvm	19.3.5	19.3.5.x
oracle / mysql_server	8.0.15	8.0.23.x
oracle / mysql_server	-	5.7.33.x
oracle / mysql_workbench	-	8.0.23.x
oracle / peoplesoft_enterprise_peopletools	8.59	8.59.x
oracle / essbase	21.2	21.2.x
oracle / mysql_connectors	-	8.0.23.x
oracle / jd_edwards_enterpriseone_tools	-	9.2.6.0
oracle / primavera_unifier	21.12	21.12.x
oracle / secure_backup	-	18.1.0.1.0
oracle / communications_communications_policy_management	12.6.0.0.0	12.6.0.0.0.x
sonicwall / sma100_firmware	10.2.0.0	10.2.1.0-17sv
sonicwall / capture_client	3.5	3.5.x
sonicwall / sonicos	7.0.1.0	7.0.1.0.x
siemens / ruggedcom_rcm1224_firmware	6.2	6.2.x
siemens / scalance_lpe9403_firmware	-	-
siemens / scalance_m-800_firmware	6.2	6.2.x
siemens / scalance_s602_firmware	4.1	4.1.x
siemens / scalance_s612_firmware	4.1	4.1.x
siemens / scalance_s615_firmware	6.2	6.2.x
siemens / scalance_s623_firmware	4.1	4.1.x
siemens / scalance_s627-2m_firmware	4.1	4.1.x
siemens / scalance_sc-600_firmware	2.0	2.0.x
siemens / scalance_w700_firmware	6.5	6.5.x
siemens / scalance_w1700_firmware	2.0	2.0.x
siemens / scalance_xb-200_firmware	-	4.3
siemens / scalance_xc-200_firmware	-	4.3
siemens / scalance_xf-200ba_firmware	-	4.3
siemens / scalance_xm-400_firmware	-	6.4
siemens / scalance_xp-200_firmware	-	4.3
siemens / scalance_xr-300wg_firmware	-	4.3
siemens / scalance_xr524-8c_firmware	-	6.4
siemens / scalance_xr526-8c_firmware	-	6.4
siemens / scalance_xr528-6m_firmware	-	6.4
siemens / scalance_xr552-12_firmware	-	6.4
siemens / simatic_cloud_connect_7_firmware	1.1	1.1.x
siemens / simatic_cp_1242-7_gprs_v2_firmware	3.1	3.1.x
siemens / simatic_hmi_basic_panels_2nd_generation_firmware	-	-
siemens / simatic_hmi_comfort_outdoor_panels_firmware	-	-
siemens / simatic_hmi_ktp_mobile_panels_firmware	-	-
siemens / simatic_mv500_firmware	-	-
siemens / simatic_net_cp_1243-1_firmware	3.1	3.1.x
siemens / simatic_net_cp1243-7_lte_eu_firmware	3.1	3.1.x
siemens / simatic_net_cp1243-7_lte_us_firmware	3.1	3.1.x
siemens / simatic_net_cp_1243-8_irc_firmware	3.1	3.1.x
siemens / simatic_net_cp_1542sp-1_irc_firmware	2.1	2.1.x
siemens / simatic_net_cp_1543-1_firmware	2.2	3.0
siemens / simatic_net_cp_1543sp-1_firmware	2.1	2.1.x
siemens / simatic_net_cp_1545-1_firmware	1.0	1.0.x
siemens / simatic_pcs_7_telecontrol_firmware	-	-
siemens / simatic_pcs_neo_firmware	-	-
siemens / simatic_pdm_firmware	9.1.0.7	9.1.0.7.x
siemens / simatic_process_historian_opc_ua_server_firmware	2019	2019.x
siemens / simatic_rf166c_firmware	-	-
siemens / simatic_rf185c_firmware	-	-
siemens / simatic_rf186c_firmware	-	-
siemens / simatic_rf186ci_firmware	-	-
siemens / simatic_rf188c_firmware	-	-
siemens / simatic_rf188ci_firmware	-	-
siemens / simatic_rf360r_firmware	-	-
siemens / simatic_s7-1200_cpu_1211c_firmware	-	-
siemens / simatic_s7-1200_cpu_1212c_firmware	-	-
siemens / simatic_s7-1200_cpu_1212fc_firmware	-	-
siemens / simatic_s7-1200_cpu_1214_fc_firmware	-	-
siemens / simatic_s7-1200_cpu_1214c_firmware	-	-
siemens / simatic_s7-1200_cpu_1215_fc_firmware	-	-
siemens / simatic_s7-1200_cpu_1215c_firmware	-	-
siemens / simatic_s7-1200_cpu_1217c_firmware	-	-
siemens / simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware	-	-
siemens / sinamics_connect_300_firmware	-	-
siemens / tim_1531_irc_firmware	2.0	2.2
siemens / simatic_wincc_runtime_advanced	-	-
siemens / sinema_server	14.0-sp2_update1	14.0-sp2_update1.x
siemens / sinema_server	14.0-sp1	14.0-sp1.x
siemens / sinema_server	14.0-sp2	14.0-sp2.x
siemens / sinema_server	14.0	14.0.x
siemens / simatic_logon	1.6.0.2	1.6.0.2.x
siemens / simatic_logon	1.5-sp3_update_1	1.5-sp3_update_1.x
siemens / sinec_nms	1.0-sp1	1.0-sp1.x
siemens / sinec_nms	1.0	1.0.x
siemens / tia_administrator	-	-
siemens / sinema_server	14.0-sp2_update2	14.0-sp2_update2.x
siemens / sinumerik_opc_ua_server	-	-
siemens / sinec_infrastructure_network_services	-	1.0.1.1
nodejs / node.js	14.0.0	14.14.0.x
nodejs / node.js	10.0.0	10.12.0.x
nodejs / node.js	12.0.0	12.12.0.x
nodejs / node.js	14.15.0	14.16.1
nodejs / node.js	12.13.0	12.22.1
nodejs / node.js	10.13.0	10.24.0.x
nodejs / node.js	15.0.0	15.14.0
openssl-src	-	111.15.0

Vulnerability Database

289,599

CVE-2021-3449