CVE-2021-3449

high-risk

Published 2021-03-25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Do I need to act?

9.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Openssl

Debian Linux

Freebsd

Active Iq Unified Manager

Cloud Volumes Ontap Mediator

E-Series Performance Analyzer

Oncommand Insight

Oncommand Workflow Automation

Ontap Select Deploy Administration Utility

Santricity Smi-S Provider

Snapcenter

Storagegrid

Log Correlation Engine

Nessus

Nessus Network Monitor

Affected Vendors

Freebsd Debian Oracle Siemens Checkpoint Openssl Mcafee Sonicwall Fedoraproject Netapp Nodejs Tenable

References (58)

Mailing List http://www.openwall.com/lists/oss-security/2021/03/27/1

Mailing List http://www.openwall.com/lists/oss-security/2021/03/27/2

Mailing List http://www.openwall.com/lists/oss-security/2021/03/28/3

Mailing List http://www.openwall.com/lists/oss-security/2021/03/28/4

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48...

Third Party Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845

Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10356

Mailing List https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc

Third Party Advisory https://security.gentoo.org/glsa/202103-03

Third Party Advisory https://security.netapp.com/advisory/ntap-20210326-0006/

Third Party Advisory https://security.netapp.com/advisory/ntap-20210513-0002/

https://security.netapp.com/advisory/ntap-20240621-0006/

Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-o...

Third Party Advisory https://www.debian.org/security/2021/dsa-4875

Vendor Advisory https://www.openssl.org/news/secadv/20210325.txt

and 38 more references

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 11/34 · Low

Exposure 32/34 · Critical