CVE-2021-3449
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | < 111.15.0 | 111.15.0 |
Affected products
39- osv-coords38 versionspkg:bitnami/nodepkg:bitnami/node-minpkg:cargo/openssl-srcpkg:rpm/opensuse/matrix-synapse&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Certifications%2015%20SP3pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openssl-1_1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 10.0.0, < 10.12.1+ 37 more
- (no CPE)range: >= 10.0.0, < 10.12.1
- (no CPE)range: >= 10.0.0, < 10.12.1
- (no CPE)range: < 111.15.0
- (no CPE)range: < 1.43.0-1.1
- (no CPE)range: < 10.24.1-lp152.2.15.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 12.22.2-lp152.3.15.1
- (no CPE)range: < 12.22.2-4.16.1
- (no CPE)range: < 1.1.1d-lp152.7.15.1
- (no CPE)range: < 1.1.1l-1.2
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.39.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 10.24.1-1.36.1
- (no CPE)range: < 12.22.2-1.32.1
- (no CPE)range: < 12.22.2-4.16.1
- (no CPE)range: < 12.22.2-4.16.1
- (no CPE)range: < 1.1.1d-11.20.1
- (no CPE)range: < 1.1.1d-11.20.1
- (no CPE)range: < 1.1.1d-11.20.1
- (no CPE)range: < 1.1.1d-2.33.1
- (no CPE)range: < 1.1.1d-2.33.1
- (no CPE)range: < 1.1.1d-2.33.1
- (no CPE)range: < 1.1.1d-2.33.1
- (no CPE)range: < 1.1.1d-2.33.1
- (no CPE)range: < 1.1.1d-2.33.1
- (no CPE)range: < 1.1.1d-2.33.1
- Range: Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)
Patches
Vulnerability mechanics
References
37- cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfnvdPatchThird Party AdvisoryWEB
- www.oracle.com//security-alerts/cpujul2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2021/03/27/1nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2021/03/27/2nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2021/03/28/3nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2021/03/28/4nvdMailing ListThird Party AdvisoryWEB
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfnvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-83mx-573x-5rw9ghsaADVISORY
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845nvdThird Party AdvisoryWEB
- kc.mcafee.com/corporate/indexnvdThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2021/08/msg00029.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-3449ghsaADVISORY
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013nvdThird Party AdvisoryWEB
- security.freebsd.org/advisories/FreeBSD-SA-21:07.openssl.ascnvdThird Party AdvisoryWEB
- security.gentoo.org/glsa/202103-03nvdThird Party AdvisoryWEB
- security.netapp.com/advisory/ntap-20210326-0006/nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20210513-0002/nvdThird Party Advisory
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJdnvdThird Party AdvisoryWEB
- www.debian.org/security/2021/dsa-4875nvdThird Party AdvisoryWEB
- www.openssl.org/news/secadv/20210325.txtnvdVendor AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2022.htmlnvdThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2021-05nvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2021-06nvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2021-09nvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2021-10nvdThird Party AdvisoryWEB
- git.openssl.org/gitweb/ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNPghsaWEB
- rustsec.org/advisories/RUSTSEC-2021-0055ghsaWEB
- rustsec.org/advisories/RUSTSEC-2021-0055.htmlghsaWEB
- security.netapp.com/advisory/ntap-20210326-0006ghsaWEB
- security.netapp.com/advisory/ntap-20210513-0002ghsaWEB
- git.openssl.org/gitweb/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/nvd
- security.netapp.com/advisory/ntap-20240621-0006/nvd
News mentions
0No linked articles in our index yet.