OpenSSL -- Multiple vulnerabilities

2021-03-25T00:00:00
ID 5A668AB3-8D86-11EB-B8D6-D4C9EF517024
Type freebsd
Reporter FreeBSD
Modified 2021-04-07T00:00:00

Description

The OpenSSL project reports:

High: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. High: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.