CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl

🗓️ 14 Dec 2021 18:40:11Reported by opensslType

Invalid handling of X509_verify_cert() internal errors in OpenSSL libss

Reporter	Title	Published	Views	Family All 59
FreeBSD	OpenSSL -- Certificate validation issue	14 Dec 202100:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Vulnerability in Fabric OS firmware used by IBM b-type SAN directors and switches.	31 Aug 202200:17	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044	21 Jun 202214:53	–	ibm
ATTACKERKB	CVE-2021-4044	14 Dec 202100:00	–	attackerkb
AlpineLinux	CVE-2021-4044	14 Dec 202118:40	–	alpinelinux
BDU FSTEC	The vulnerability of the X509_verify_cert() function in the OpenSSL library, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.	19 Apr 202200:00	–	bdu_fstec
Broadcom	CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl	8 Nov 202200:00	–	broadcom
Broadcom	CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl	8 Nov 202200:00	–	broadcom
Tenable Nessus	CentOS 9 : openssl-3.0.7-18.el9	26 Apr 202400:00	–	nessus
Tenable Nessus	FreeBSD : OpenSSL -- Certificate validation issue (0132ca5b-5d11-11ec-8be6-d4c9ef517024)	14 Dec 202100:00	–	nessus

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20211229-0003/
git	www.git.openssl.org/gitweb/
openssl	www.openssl.org/news/secadv/20211214.txt

29 Dec 2021 20:06Current

7.5High risk

Vulners AI Score7.5

EPSS0.3328

openssl x509_verify_cert()internal errors ssl_connect()ssl_do_handshake()ssl_error_want_retry_verify certificate authority