Skip to main content

OpenSSL CVE-2021-3449

MEDIUM
NULL Pointer Dereference (CWE-476)
2021-03-25 openssl-security@openssl.org
Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd Active Iq Unified Manager Cloud Volumes Ontap Mediator E Series Performance Analyzer Oncommand Insight Oncommand Workflow Automation Ontap Select Deploy Administration Utility Santricity Smi S Provider Snapcenter Storagegrid Log Correlation Engine Nessus Nessus Network Monitor Tenable Sc Fedora Web Gateway Web Gateway Cloud Service Quantum Security Management Firmware Multi Domain Management Firmware Quantum Security Gateway Firmware Communications Communications Policy Management Enterprise Manager For Storage Management Essbase Graalvm Jd Edwards Enterpriseone Tools Jd Edwards World Security Mysql Connectors Mysql Server Mysql Workbench Peoplesoft Enterprise Peopletools Primavera Unifier Secure Backup Secure Global Desktop Zfs Storage Appliance Kit Sma100 Firmware Capture Client Sonicos Ruggedcom Rcm1224 Firmware Scalance Lpe9403 Firmware Scalance M 800 Firmware Scalance S602 Firmware Scalance S612 Firmware Scalance S615 Firmware Scalance S623 Firmware Scalance S627 2M Firmware Scalance Sc 600 Firmware Scalance W700 Firmware Scalance W1700 Firmware Scalance Xb 200 Firmware Scalance Xc 200 Firmware Scalance Xf 200Ba Firmware Scalance Xm 400 Firmware Scalance Xp 200 Firmware Scalance Xr 300Wg Firmware Scalance Xr524 8C Firmware Scalance Xr526 8C Firmware Scalance Xr528 6M Firmware Scalance Xr552 12 Firmware Simatic Cloud Connect 7 Firmware Simatic Cp 1242 7 Gprs V2 Firmware Simatic Hmi Basic Panels 2Nd Generation Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Firmware Simatic Mv500 Firmware Simatic Net Cp 1243 1 Firmware Simatic Net Cp1243 7 Lte Eu Firmware Simatic Net Cp1243 7 Lte Us Firmware Simatic Net Cp 1243 8 Irc Firmware Simatic Net Cp 1542Sp 1 Irc Firmware Simatic Net Cp 1543 1 Firmware Simatic Net Cp 1543Sp 1 Firmware Simatic Net Cp 1545 1 Firmware Simatic Pcs 7 Telecontrol Firmware Simatic Pcs Neo Firmware Simatic Pdm Firmware Simatic Process Historian Opc Ua Server Firmware Simatic Rf166C Firmware Simatic Rf185C Firmware Simatic Rf186C Firmware Simatic Rf186Ci Firmware Simatic Rf188C Firmware Simatic Rf188Ci Firmware Simatic Rf360R Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware Simatic S7 1200 Cpu 1212Fc Firmware Simatic S7 1200 Cpu 1214 Fc Firmware Simatic S7 1200 Cpu 1214C Firmware Simatic S7 1200 Cpu 1215 Fc Firmware Simatic S7 1200 Cpu 1215C Firmware Simatic S7 1200 Cpu 1217C Firmware Simatic S7 1500 Cpu 1518 4 Pn Dp Mfp Firmware Sinamics Connect 300 Firmware Tim 1531 Irc Firmware Simatic Logon Simatic Wincc Runtime Advanced Simatic Wincc Telecontrol Sinec Nms Sinec Pni Sinema Server Sinumerik Opc Ua Server Tia Administrator Sinec Infrastructure Network Services Node Js
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 25, 2021 - 15:15 nvd
MEDIUM 5.9

DescriptionNVD

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

AnalysisAI

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). Affected products include: Openssl, Debian Debian Linux, Freebsd, Netapp Active Iq Unified Manager, Netapp Cloud Volumes Ontap Mediator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2021-3449 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy