Lucene search

K
cveOpensslCVE-2021-3449
HistoryMar 25, 2021 - 3:15 p.m.

CVE-2021-3449

2021-03-2515:15:13
CWE-476
openssl
web.nvd.nist.gov
642
82
20
cve-2021-3449
openssl
tls
server crash
vulnerability
null pointer dereference
denial of service
attack
openssl 1.1.1k
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

76.4%

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Affected configurations

Nvd
Node
opensslopensslRange1.1.11.1.1k
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
freebsdfreebsdMatch12.2-
OR
freebsdfreebsdMatch12.2p1
OR
freebsdfreebsdMatch12.2p2
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappcloud_volumes_ontap_mediatorMatch-
OR
netappe-series_performance_analyzerMatch-
OR
netapponcommand_insightMatch-
OR
netapponcommand_workflow_automationMatch-
OR
netappontap_select_deploy_administration_utilityMatch-
OR
netappsantricity_smi-s_providerMatch-
OR
netappsnapcenterMatch-
OR
netappstoragegridMatch-
Node
tenablelog_correlation_engineRange<6.0.9
OR
tenablenessusRange8.13.1
OR
tenablenessus_network_monitorMatch5.11.0
OR
tenablenessus_network_monitorMatch5.11.1
OR
tenablenessus_network_monitorMatch5.12.0
OR
tenablenessus_network_monitorMatch5.12.1
OR
tenablenessus_network_monitorMatch5.13.0
OR
tenabletenable.scRange5.13.05.17.0
Node
fedoraprojectfedoraMatch34
Node
mcafeeweb_gatewayMatch8.2.19
OR
mcafeeweb_gatewayMatch9.2.10
OR
mcafeeweb_gatewayMatch10.1.1
OR
mcafeeweb_gateway_cloud_serviceMatch8.2.19
OR
mcafeeweb_gateway_cloud_serviceMatch9.2.10
OR
mcafeeweb_gateway_cloud_serviceMatch10.1.1
Node
checkpointquantum_security_management_firmwareMatchr80.40
OR
checkpointquantum_security_management_firmwareMatchr81
AND
checkpointquantum_security_managementMatch-
Node
checkpointmulti-domain_management_firmwareMatchr80.40
OR
checkpointmulti-domain_management_firmwareMatchr81
AND
checkpointmulti-domain_managementMatch-
Node
checkpointquantum_security_gateway_firmwareMatchr80.40
OR
checkpointquantum_security_gateway_firmwareMatchr81
AND
checkpointquantum_security_gatewayMatch-
Node
oraclecommunications_communications_policy_managementMatch12.6.0.0.0
OR
oracleenterprise_manager_for_storage_managementMatch13.4.0.0
OR
oracleessbaseMatch21.2
OR
oraclegraalvmMatch19.3.5enterprise
OR
oraclegraalvmMatch20.3.1.2enterprise
OR
oraclegraalvmMatch21.0.0.2enterprise
OR
oraclejd_edwards_enterpriseone_toolsRange<9.2.6.0
OR
oraclejd_edwards_world_securityMatcha9.4
OR
oraclemysql_connectorsRange8.0.23
OR
oraclemysql_serverRange5.7.33
OR
oraclemysql_serverRange8.0.158.0.23
OR
oraclemysql_workbenchRange8.0.23
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.57
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.58
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.59
OR
oracleprimavera_unifierRange17.717.12
OR
oracleprimavera_unifierMatch19.12
OR
oracleprimavera_unifierMatch20.12
OR
oracleprimavera_unifierMatch21.12
OR
oraclesecure_backupRange<18.1.0.1.0
OR
oraclesecure_global_desktopMatch5.6
OR
oraclezfs_storage_appliance_kitMatch8.8
Node
sonicwallsma100_firmwareRange10.2.0.010.2.1.0-17sv
AND
sonicwallsma100Match-
Node
sonicwallcapture_clientMatch3.5
OR
sonicwallsonicosMatch7.0.1.0
Node
siemensruggedcom_rcm1224_firmwareRange6.2
AND
siemensruggedcom_rcm1224Match-
Node
siemensscalance_lpe9403_firmware
AND
siemensscalance_lpe9403Match-
Node
siemensscalance_m-800_firmwareRange6.2
AND
siemensscalance_m-800Match-
Node
siemensscalance_s602_firmwareRange4.1
AND
siemensscalance_s602Match-
Node
siemensscalance_s612_firmwareRange4.1
AND
siemensscalance_s612Match-
Node
siemensscalance_s615_firmwareRange6.2
AND
siemensscalance_s615Match-
Node
siemensscalance_s623_firmwareRange4.1
AND
siemensscalance_s623Match-
Node
siemensscalance_s627-2m_firmwareRange4.1
AND
siemensscalance_s627-2mMatch-
Node
siemensscalance_sc-600_firmwareRange2.0
AND
siemensscalance_sc-600Match-
Node
siemensscalance_w700_firmwareRange6.5
AND
siemensscalance_w700Match-
Node
siemensscalance_w1700_firmwareRange2.0
AND
siemensscalance_w1700Match-
Node
siemensscalance_xb-200_firmwareRange<4.3
AND
siemensscalance_xb-200Match-
Node
siemensscalance_xc-200Match-
AND
siemensscalance_xc-200_firmwareRange<4.3
Node
siemensscalance_xf-200baMatch-
AND
siemensscalance_xf-200ba_firmwareRange<4.3
Node
siemensscalance_xm-400Match-
AND
siemensscalance_xm-400_firmwareRange<6.4
Node
siemensscalance_xp-200Match-
AND
siemensscalance_xp-200_firmwareRange<4.3
Node
siemensscalance_xr-300wgMatch-
AND
siemensscalance_xr-300wg_firmwareRange<4.3
Node
siemensscalance_xr524-8cMatch-
AND
siemensscalance_xr524-8c_firmwareRange<6.4
Node
siemensscalance_xr526-8cMatch-
AND
siemensscalance_xr526-8c_firmwareRange<6.4
Node
siemensscalance_xr528-6mMatch-
AND
siemensscalance_xr528-6m_firmwareRange<6.4
Node
siemensscalance_xr552-12_firmwareRange<6.4
AND
siemensscalance_xr552-12Match-
Node
siemenssimatic_cloud_connect_7_firmwareRange1.1
OR
siemenssimatic_cloud_connect_7_firmwareMatch-
AND
siemenssimatic_cloud_connect_7Match-
Node
siemenssimatic_cp_1242-7_gprs_v2_firmwareRange3.1
OR
siemenssimatic_cp_1242-7_gprs_v2_firmwareMatch-
AND
siemenssimatic_cp_1242-7_gprs_v2Match-
Node
siemenssimatic_hmi_basic_panels_2nd_generation_firmware
AND
siemenssimatic_hmi_basic_panels_2nd_generationMatch-
Node
siemenssimatic_hmi_comfort_outdoor_panels_firmware
AND
siemenssimatic_hmi_comfort_outdoor_panelsMatch-
Node
siemenssimatic_hmi_ktp_mobile_panels_firmware
AND
siemenssimatic_hmi_ktp_mobile_panelsMatch-
Node
siemenssimatic_mv500_firmware
AND
siemenssimatic_mv500Match-
Node
siemenssimatic_net_cp_1243-1_firmwareRange3.1
AND
siemenssimatic_net_cp_1243-1Match-
Node
siemenssimatic_net_cp1243-7_lte_eu_firmwareRange3.1
AND
siemenssimatic_net_cp1243-7_lte_euMatch-
Node
siemenssimatic_net_cp1243-7_lte_us_firmwareRange3.1
AND
siemenssimatic_net_cp1243-7_lte_usMatch-
Node
siemenssimatic_net_cp_1243-8_irc_firmwareRange3.1
AND
siemenssimatic_net_cp_1243-8_ircMatch-
Node
siemenssimatic_net_cp_1542sp-1_irc_firmwareRange2.1
AND
siemenssimatic_net_cp_1542sp-1_ircMatch-
Node
siemenssimatic_net_cp_1543-1_firmwareRange2.23.0
AND
siemenssimatic_net_cp_1543-1Match-
Node
siemenssimatic_net_cp_1543sp-1_firmwareRange2.1
AND
siemenssimatic_net_cp_1543sp-1Match-
Node
siemenssimatic_net_cp_1545-1_firmwareRange1.0
AND
siemenssimatic_net_cp_1545-1Match-
Node
siemenssimatic_pcs_7_telecontrol_firmware
AND
siemenssimatic_pcs_7_telecontrolMatch-
Node
siemenssimatic_pcs_neo_firmware
AND
siemenssimatic_pcs_neoMatch-
Node
siemenssimatic_pdm_firmwareRange9.1.0.7
AND
siemenssimatic_pdmMatch-
Node
siemenssimatic_process_historian_opc_ua_server_firmwareRange2019
AND
siemenssimatic_process_historian_opc_ua_serverMatch-
Node
siemenssimatic_rf166c_firmware
AND
siemenssimatic_rf166cMatch-
Node
siemenssimatic_rf185c_firmware
AND
siemenssimatic_rf185cMatch-
Node
siemenssimatic_rf186c_firmware
AND
siemenssimatic_rf186cMatch-
Node
siemenssimatic_rf186ci_firmware
AND
siemenssimatic_rf186ciMatch-
Node
siemenssimatic_rf188c_firmware
AND
siemenssimatic_rf188cMatch-
Node
siemenssimatic_rf188ci_firmware
AND
siemenssimatic_rf188ciMatch-
Node
siemenssimatic_rf360r_firmware
AND
siemenssimatic_rf360rMatch-
Node
siemenssimatic_s7-1200_cpu_1211c_firmware
AND
siemenssimatic_s7-1200_cpu_1211cMatch-
Node
siemenssimatic_s7-1200_cpu_1212c_firmware
AND
siemenssimatic_s7-1200_cpu_1212cMatch-
Node
siemenssimatic_s7-1200_cpu_1212fc_firmware
AND
siemenssimatic_s7-1200_cpu_1212fcMatch-
Node
siemenssimatic_s7-1200_cpu_1214_fc_firmware
AND
siemenssimatic_s7-1200_cpu_1214_fcMatch-
Node
siemenssimatic_s7-1200_cpu_1214c_firmware
AND
siemenssimatic_s7-1200_cpu_1214cMatch-
Node
siemenssimatic_s7-1200_cpu_1214_fc_firmware
AND
siemenssimatic_s7-1200_cpu_1214_fcMatch-
Node
siemenssimatic_s7-1200_cpu_1215_fc_firmware
AND
siemenssimatic_s7-1200_cpu_1215_fcMatch-
Node
siemenssimatic_s7-1200_cpu_1215c_firmware
AND
siemenssimatic_s7-1200_cpu_1215cMatch-
Node
siemenssimatic_s7-1200_cpu_1217c_firmware
AND
siemenssimatic_s7-1200_cpu_1217cMatch-
Node
siemenssimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware
AND
siemenssimatic_s7-1500_cpu_1518-4_pn\/dp_mfpMatch-
Node
siemenssinamics_connect_300_firmware
AND
siemenssinamics_connect_300Match-
Node
siemenstim_1531_irc_firmwareRange2.02.2
AND
siemenstim_1531_ircMatch-
Node
siemenssimatic_logonRange1.6.0.2
OR
siemenssimatic_logonMatch1.5sp3_update_1
OR
siemenssimatic_wincc_runtime_advanced
OR
siemenssimatic_wincc_telecontrolMatch-
OR
siemenssinec_nmsMatch1.0-
OR
siemenssinec_nmsMatch1.0sp1
OR
siemenssinec_pniMatch-
OR
siemenssinema_serverMatch14.0-
OR
siemenssinema_serverMatch14.0sp1
OR
siemenssinema_serverMatch14.0sp2
OR
siemenssinema_serverMatch14.0sp2_update1
OR
siemenssinema_serverMatch14.0sp2_update2
OR
siemenssinumerik_opc_ua_server
OR
siemenstia_administrator
Node
siemenssinec_infrastructure_network_servicesRange<1.0.1.1
Node
nodejsnode.jsRange10.0.010.12.0-
OR
nodejsnode.jsRange10.13.010.24.0lts
OR
nodejsnode.jsRange12.0.012.12.0-
OR
nodejsnode.jsRange12.13.012.22.1lts
OR
nodejsnode.jsRange14.0.014.14.0-
OR
nodejsnode.jsRange14.15.014.16.1lts
OR
nodejsnode.jsRange15.0.015.14.0-
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
freebsdfreebsd12.2cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*
freebsdfreebsd12.2cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*
freebsdfreebsd12.2cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappcloud_volumes_ontap_mediator-cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*
netappe-series_performance_analyzer-cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
netapponcommand_insight-cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 1971

CNA Affected

[
  {
    "vendor": "OpenSSL",
    "product": "OpenSSL",
    "versions": [
      {
        "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)",
        "status": "affected"
      }
    ]
  }
]

References

Social References

More

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

76.4%