Vulnerability Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
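For triage, the affected range above ("Affected 1.1.1-1.1.1j", i.e. >= 1.1.1 and < 1.1.1k) has to be compared against OpenSSL's lettered patch versions, where "1.1.1" sorts before "1.1.1a" and "1.1.1j" before "1.1.1k". The following is an added example, not code from the OpenSSL project or this record: it parses a version string or `openssl version` banner, evaluates the range as written in the table, and combines it with the server-side preconditions the description states (TLSv1.2 and renegotiation enabled; clients are not affected). The function names and the assumption that real releases use at most one suffix letter are mine.

```python
import re

# Affected range exactly as given in this record's table row for OpenSSL.
OPENSSL_AFFECTED = ">= 1.1.1, < 1.1.1k"

# "1.1.1j" or a banner such as "OpenSSL 1.1.1j  16 Feb 2021"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)")

def parse_openssl_version(text):
    """Return a comparable tuple (major, minor, fix, patch_letter).
    The trailing letter is the patch release: no letter -> 0, 'a' -> 1,
    ..., 'j' -> 10, 'k' -> 11, so tuple ordering matches release order."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"not an OpenSSL version: {text!r}")
    major, minor, fix, letter = m.groups()
    patch = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(fix), patch)

_OPS = {
    ">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b, "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
}

def version_in_range(version, spec):
    """spec is a comma-separated constraint list like ">= 1.1.1, < 1.1.1k";
    every clause must hold for the version to be inside the range."""
    v = parse_openssl_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|>|<|==)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"bad constraint: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_openssl_version(bound)):
            return False
    return True

def cve_2021_3449_affected(version):
    """True when the OpenSSL build is inside the vulnerable version range."""
    return version_in_range(version, OPENSSL_AFFECTED)

def server_exposed(version, is_server=True, tls12_enabled=True,
                   renegotiation_enabled=True):
    """Version range combined with the preconditions from the description:
    only TLS servers, only with TLSv1.2 and renegotiation enabled (both
    are the OpenSSL 1.1.1 defaults). Disabling either closes the path."""
    return (is_server and tls12_enabled and renegotiation_enabled
            and cve_2021_3449_affected(version))

if __name__ == "__main__":
    for v in ("OpenSSL 1.1.1j  16 Feb 2021", "1.1.1k", "1.0.2u", "3.0.0"):
        print(v, "->", "affected" if cve_2021_3449_affected(v) else "not affected")
```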
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | >= 1.1.1, < 1.1.1k |
| Debian | Debian Linux | 9.0 |
| FreeBSD | FreeBSD | 12.2 |
| NetApp | Active IQ Unified Manager | - |
| NetApp | Cloud Volumes ONTAP Mediator | - |
| NetApp | E-Series Performance Analyzer | - |
| NetApp | OnCommand Insight | - |
| NetApp | OnCommand Workflow Automation | - |
| NetApp | ONTAP Select Deploy Administration Utility | - |
| NetApp | SANtricity SMI-S Provider | - |
| NetApp | SnapCenter | - |
| NetApp | StorageGRID | - |
| Tenable | Log Correlation Engine | < 6.0.9 |
| Tenable | Nessus | <= 8.13.1 |
| Tenable | Nessus Network Monitor | 5.11.0 |
| Tenable | Tenable.sc | >= 5.13.0, <= 5.17.0 |
| Fedora Project | Fedora | 34 |
| McAfee | Web Gateway | 8.2.19 |
| McAfee | Web Gateway Cloud Service | 8.2.19 |
| Check Point | Quantum Security Management Firmware | R80.40 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/03/27/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/03/27/2 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/03/28/3 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/03/28/4 (Mailing List, Third Party Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (Third Party Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf (Patch, Third Party Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 (Third Party Advisory)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356 (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html (Mailing List, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 (Third Party Advisory)
- https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc (Third Party Advisory)
- https://security.gentoo.org/glsa/202103-03 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210326-0006/ (Third Party Advisory)
FAQ
What is CVE-2021-3449?
CVE-2021-3449 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it...
How severe is CVE-2021-3449?
CVE-2021-3449 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3449?
Check the references section above for vendor advisories and patch information. Affected products include: OpenSSL OpenSSL, Debian Debian Linux, FreeBSD FreeBSD, NetApp Active IQ Unified Manager, NetApp Cloud Volumes ONTAP Mediator.