CVE-2021-3449
MEDIUMCVSS 5.9/10EPSS 63.54%
Last modified
CVE-2021-3449 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. EPSS estimates a 63.54% chance of exploitation in the next 30 days.
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Openssl | Openssl | >= 1.1.1, < 1.1.1k | — |
| Debian | Debian Linux | 9.0 | — |
| Debian | Debian Linux | 10.0 | — |
| Freebsd | Freebsd | 12.2 | — |
| Netapp | Active Iq Unified Manager | All versions | — |
| Netapp | Cloud Volumes Ontap Mediator | All versions | — |
| Netapp | E-Series Performance Analyzer | All versions | — |
| Netapp | Oncommand Insight | All versions | — |
| Netapp | Oncommand Workflow Automation | All versions | — |
| Netapp | Ontap Select Deploy Administration Utility | All versions | — |
| Netapp | Santricity Smi-S Provider | All versions | — |
| Netapp | Snapcenter | All versions | — |
| Netapp | Storagegrid | All versions | — |
| Tenable | Log Correlation Engine | < 6.0.9 | — |
| Tenable | Nessus | <= 8.13.1 | — |
| Tenable | Nessus Network Monitor | 5.11.0 | — |
| Tenable | Nessus Network Monitor | 5.11.1 | — |
| Tenable | Nessus Network Monitor | 5.12.0 | — |
| Tenable | Nessus Network Monitor | 5.12.1 | — |
| Tenable | Nessus Network Monitor | 5.13.0 | — |
| Tenable | Tenable.Sc | >= 5.13.0, <= 5.17.0 | — |
| Fedoraproject | Fedora | 34 | — |
| Mcafee | Web Gateway | 8.2.19 | — |
| Mcafee | Web Gateway | 9.2.10 | — |
| Mcafee | Web Gateway | 10.1.1 | — |
| Mcafee | Web Gateway Cloud Service | 8.2.19 | — |
| Mcafee | Web Gateway Cloud Service | 9.2.10 | — |
| Mcafee | Web Gateway Cloud Service | 10.1.1 | — |
| Checkpoint | Quantum Security Management Firmware | r80.40 | — |
| Checkpoint | Quantum Security Management Firmware | r81 | — |
| Checkpoint | Multi-Domain Management Firmware | r80.40 | — |
| Checkpoint | Multi-Domain Management Firmware | r81 | — |
| Checkpoint | Quantum Security Gateway Firmware | r80.40 | — |
| Checkpoint | Quantum Security Gateway Firmware | r81 | — |
| Oracle | Communications Communications Policy Management | 12.6.0.0.0 | — |
| Oracle | Enterprise Manager For Storage Management | 13.4.0.0 | — |
| Oracle | Essbase | 21.2 | — |
| Oracle | Graalvm | 19.3.5 | — |
| Oracle | Graalvm | 20.3.1.2 | — |
| Oracle | Graalvm | 21.0.0.2 | — |
| Oracle | Jd Edwards Enterpriseone Tools | < 9.2.6.0 | — |
| Oracle | Jd Edwards World Security | a9.4 | — |
| Oracle | Mysql Connectors | <= 8.0.23 | — |
| Oracle | Mysql Server | <= 5.7.33 | — |
| Oracle | Mysql Server | >= 8.0.15, <= 8.0.23 | — |
| Oracle | Mysql Workbench | <= 8.0.23 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.57 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.58 | — |
| Oracle | Peoplesoft Enterprise Peopletools | 8.59 | — |
| Oracle | Primavera Unifier | >= 17.7, <= 17.12 | — |
Showing 50 of 135 affected configurations. See NVD for the full list.
References
- http://www.openwall.com/lists/oss-security/2021/03/27/1Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/27/2Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/28/3Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/28/4Mailing List, Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfPatch, Third Party Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/08/msg00029.htmlMailing List, Third Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013Third Party Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.ascThird Party Advisory
- https://security.gentoo.org/glsa/202103-03Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210326-0006/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210513-0002/Third Party Advisory
- https://www.debian.org/security/2021/dsa-4875Third Party Advisory
- https://www.openssl.org/news/secadv/20210325.txtVendor Advisory
- https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
- https://www.tenable.com/security/tns-2021-05Third Party Advisory
- https://www.tenable.com/security/tns-2021-06Third Party Advisory
- https://www.tenable.com/security/tns-2021-09Third Party Advisory
- https://www.tenable.com/security/tns-2021-10Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/27/1Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/27/2Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/28/3Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/03/28/4Mailing List, Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfPatch, Third Party Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/08/msg00029.htmlMailing List, Third Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013Third Party Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.ascThird Party Advisory
- https://security.gentoo.org/glsa/202103-03Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210326-0006/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210513-0002/Third Party Advisory
- https://www.debian.org/security/2021/dsa-4875Third Party Advisory
- https://www.openssl.org/news/secadv/20210325.txtVendor Advisory
- https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
- https://www.tenable.com/security/tns-2021-05Third Party Advisory
- https://www.tenable.com/security/tns-2021-06Third Party Advisory
- https://www.tenable.com/security/tns-2021-09Third Party Advisory
- https://www.tenable.com/security/tns-2021-10Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-3449?
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
How severe is CVE-2021-3449?
CVE-2021-3449 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 63.54% probability of exploitation in the next 30 days.
How do I fix CVE-2021-3449?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-3449?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST