CVE-2021-3449

25.03.2021, 15:15

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
openssl	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
openssl	openssl	1.1.1 ≤ 𝑥 < 1.1.1k
debian	debian_linux	9.0
debian	debian_linux	10.0
freebsd	freebsd	12.2
freebsd	freebsd	12.2:p1
freebsd	freebsd	12.2:p2
netapp	active_iq_unified_manager	-
netapp	cloud_volumes_ontap_mediator	-
netapp	e-series_performance_analyzer	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	ontap_select_deploy_administration_utility	-
netapp	santricity_smi-s_provider	-
netapp	snapcenter	-
netapp	storagegrid	-
tenable	log_correlation_engine	𝑥 < 6.0.9
tenable	nessus	𝑥 ≤ 8.13.1
tenable	nessus_network_monitor	5.11.0
tenable	nessus_network_monitor	5.11.1
tenable	nessus_network_monitor	5.12.0
tenable	nessus_network_monitor	5.12.1
tenable	nessus_network_monitor	5.13.0
tenable	tenable.sc	5.13.0 ≤ 𝑥 ≤ 5.17.0
mcafee	web_gateway	8.2.19
mcafee	web_gateway	9.2.10
mcafee	web_gateway	10.1.1
mcafee	web_gateway_cloud_service	8.2.19
mcafee	web_gateway_cloud_service	9.2.10
mcafee	web_gateway_cloud_service	10.1.1
checkpoint	quantum_security_management_firmware	r80.40
checkpoint	multi-domain_management_firmware	r80.40
checkpoint	quantum_security_gateway_firmware	r80.40
oracle	communications_communications_policy_management	12.6.0.0.0
oracle	enterprise_manager_for_storage_management	13.4.0.0
oracle	essbase	21.2
oracle	graalvm	19.3.5
oracle	graalvm	20.3.1.2
oracle	graalvm	21.0.0.2
oracle	jd_edwards_enterpriseone_tools	𝑥 < 9.2.6.0
oracle	mysql_connectors	𝑥 ≤ 8.0.23
oracle	mysql_server	𝑥 ≤ 5.7.33
oracle	mysql_server	8.0.15 ≤ 𝑥 ≤ 8.0.23
oracle	mysql_workbench	𝑥 ≤ 8.0.23
oracle	peoplesoft_enterprise_peopletools	8.57
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	peoplesoft_enterprise_peopletools	8.59
oracle	primavera_unifier	17.7 ≤ 𝑥 ≤ 17.12
oracle	primavera_unifier	19.12
oracle	primavera_unifier	20.12
oracle	primavera_unifier	21.12
oracle	secure_backup	𝑥 < 18.1.0.1.0
oracle	secure_global_desktop	5.6
oracle	zfs_storage_appliance_kit	8.8
sonicwall	sma100_firmware	10.2.0.0 ≤ 𝑥 < 10.2.1.0-17sv
sonicwall	capture_client	3.5
sonicwall	sonicos	7.0.1.0
siemens	ruggedcom_rcm1224_firmware	6.2 ≤
siemens	scalance_lpe9403_firmware	*
siemens	scalance_m-800_firmware	6.2 ≤
siemens	scalance_s602_firmware	4.1 ≤
siemens	scalance_s612_firmware	4.1 ≤
siemens	scalance_s615_firmware	6.2 ≤
siemens	scalance_s623_firmware	4.1 ≤
siemens	scalance_s627-2m_firmware	4.1 ≤
siemens	scalance_sc-600_firmware	2.0 ≤
siemens	scalance_w700_firmware	6.5 ≤
siemens	scalance_w1700_firmware	2.0 ≤
siemens	scalance_xb-200_firmware	𝑥 < 4.3
siemens	scalance_xc-200_firmware	𝑥 < 4.3
siemens	scalance_xf-200ba_firmware	𝑥 < 4.3
siemens	scalance_xm-400_firmware	𝑥 < 6.4
siemens	scalance_xp-200_firmware	𝑥 < 4.3
siemens	scalance_xr-300wg_firmware	𝑥 < 4.3
siemens	scalance_xr524-8c_firmware	𝑥 < 6.4
siemens	scalance_xr526-8c_firmware	𝑥 < 6.4
siemens	scalance_xr528-6m_firmware	𝑥 < 6.4
siemens	scalance_xr552-12_firmware	𝑥 < 6.4
siemens	simatic_cloud_connect_7_firmware	1.1 ≤
siemens	simatic_cloud_connect_7_firmware	-
siemens	simatic_cp_1242-7_gprs_v2_firmware	3.1 ≤
siemens	simatic_cp_1242-7_gprs_v2_firmware	-
siemens	simatic_hmi_basic_panels_2nd_generation_firmware	*
siemens	simatic_hmi_comfort_outdoor_panels_firmware	*
siemens	simatic_hmi_ktp_mobile_panels_firmware	*
siemens	simatic_mv500_firmware	*
siemens	simatic_net_cp_1243-1_firmware	3.1 ≤
siemens	simatic_net_cp1243-7_lte_eu_firmware	3.1 ≤
siemens	simatic_net_cp1243-7_lte_us_firmware	3.1 ≤
siemens	simatic_net_cp_1243-8_irc_firmware	3.1 ≤
siemens	simatic_net_cp_1542sp-1_irc_firmware	2.1 ≤
siemens	simatic_net_cp_1543-1_firmware	2.2 ≤ 𝑥 < 3.0
siemens	simatic_net_cp_1543sp-1_firmware	2.1 ≤
siemens	simatic_net_cp_1545-1_firmware	1.0 ≤
siemens	simatic_pcs_7_telecontrol_firmware	*
siemens	simatic_pcs_neo_firmware	*
siemens	simatic_pdm_firmware	9.1.0.7 ≤
siemens	simatic_process_historian_opc_ua_server_firmware	2019 ≤
siemens	simatic_rf166c_firmware	*
siemens	simatic_rf185c_firmware	*
siemens	simatic_rf186c_firmware	*
siemens	simatic_rf186ci_firmware	*
siemens	simatic_rf188c_firmware	*
siemens	simatic_rf188ci_firmware	*
siemens	simatic_rf360r_firmware	*
siemens	simatic_s7-1200_cpu_1211c_firmware	*
siemens	simatic_s7-1200_cpu_1212c_firmware	*
siemens	simatic_s7-1200_cpu_1212fc_firmware	*
siemens	simatic_s7-1200_cpu_1214_fc_firmware	*
siemens	simatic_s7-1200_cpu_1214c_firmware	*
siemens	simatic_s7-1200_cpu_1214_fc_firmware	*
siemens	simatic_s7-1200_cpu_1215_fc_firmware	*
siemens	simatic_s7-1200_cpu_1215c_firmware	*
siemens	simatic_s7-1200_cpu_1217c_firmware	*
siemens	simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware	*
siemens	sinamics_connect_300_firmware	*
siemens	tim_1531_irc_firmware	2.0 ≤ 𝑥 < 2.2
siemens	simatic_logon	1.6.0.2 ≤
siemens	simatic_logon	1.5:sp3_update_1
siemens	simatic_wincc_runtime_advanced	*
siemens	simatic_wincc_telecontrol	-
siemens	sinec_nms	1.0
siemens	sinec_nms	1.0:sp1
siemens	sinec_pni	-
siemens	sinema_server	14.0
siemens	sinema_server	14.0:sp1
siemens	sinema_server	14.0:sp2
siemens	sinema_server	14.0:sp2_update1
siemens	sinema_server	14.0:sp2_update2
siemens	sinumerik_opc_ua_server	*
siemens	tia_administrator	*
siemens	sinec_infrastructure_network_services	𝑥 < 1.0.1.1
nodejs	node.js	10.0.0 ≤ 𝑥 ≤ 10.12.0
nodejs	node.js	10.13.0 ≤ 𝑥 ≤ 10.24.0
nodejs	node.js	12.0.0 ≤ 𝑥 ≤ 12.12.0
nodejs	node.js	12.13.0 ≤ 𝑥 < 12.22.1
nodejs	node.js	14.0.0 ≤ 𝑥 ≤ 14.14.0
nodejs	node.js	14.15.0 ≤ 𝑥 < 14.16.1
nodejs	node.js	15.0.0 ≤ 𝑥 < 15.14.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bullseye	1.1.1w-0+deb11u1 fixed
stretch	not-affected
bullseye (security)	1.1.1w-0+deb11u2 fixed
bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

edk2

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

nodejs

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

openssl

noble	Fixed 1.1.1j-1ubuntu3 released
mantic	Fixed 1.1.1j-1ubuntu3 released
lunar	Fixed 1.1.1j-1ubuntu3 released
kinetic	Fixed 1.1.1j-1ubuntu3 released
jammy	Fixed 1.1.1j-1ubuntu3 released
impish	Fixed 1.1.1j-1ubuntu3 released
hirsute	Fixed 1.1.1j-1ubuntu3 released
groovy	Fixed 1.1.1f-1ubuntu4.3 released
focal	Fixed 1.1.1f-1ubuntu2.3 released
bionic	Fixed 1.1.1-1ubuntu2.1~18.04.9 released
xenial	not-affected
trusty	not-affected