Lucene search

[email protected]CVE-2021-3449

HistoryMar 25, 2021 - 3:15 p.m.

CVE-2021-3449

2021-03-2515:15:13

CWE-476

[email protected]

web.nvd.nist.gov

624

cve-2021-3449

openssl

tls

server crash

vulnerability

null pointer dereference

denial of service

attack

openssl 1.1.1k

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

71.9%

JSON

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Affected configurations

NVD

Node

opensslopensslRange1.1.1–1.1.1k

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

freebsdfreebsdMatch12.2-

freebsdfreebsdMatch12.2p1

freebsdfreebsdMatch12.2p2

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappcloud_volumes_ontap_mediatorMatch-

netappe-series_performance_analyzerMatch-

netapponcommand_insightMatch-

netapponcommand_workflow_automationMatch-

netappontap_select_deploy_administration_utilityMatch-

netappsantricity_smi-s_providerMatch-

netappsnapcenterMatch-

netappstoragegridMatch-

Node

tenablelog_correlation_engineRange<6.0.9

tenablenessusRange≤8.13.1

tenablenessus_network_monitorMatch5.11.0

tenablenessus_network_monitorMatch5.11.1

tenablenessus_network_monitorMatch5.12.0

tenablenessus_network_monitorMatch5.12.1

tenablenessus_network_monitorMatch5.13.0

tenabletenable.scRange5.13.0–5.17.0

Node

fedoraprojectfedoraMatch34

Node

mcafeeweb_gatewayMatch8.2.19

mcafeeweb_gatewayMatch9.2.10

mcafeeweb_gatewayMatch10.1.1

mcafeeweb_gateway_cloud_serviceMatch8.2.19

mcafeeweb_gateway_cloud_serviceMatch9.2.10

mcafeeweb_gateway_cloud_serviceMatch10.1.1

Node

checkpointquantum_security_management_firmwareMatchr80.40

checkpointquantum_security_management_firmwareMatchr81

AND

checkpointquantum_security_managementMatch-

Node

checkpointmulti-domain_management_firmwareMatchr80.40

checkpointmulti-domain_management_firmwareMatchr81

AND

checkpointmulti-domain_managementMatch-

Node

checkpointquantum_security_gateway_firmwareMatchr80.40

checkpointquantum_security_gateway_firmwareMatchr81

AND

checkpointquantum_security_gatewayMatch-

Node

oraclecommunications_communications_policy_managementMatch12.6.0.0.0

oracleenterprise_manager_for_storage_managementMatch13.4.0.0

oracleessbaseMatch21.2

oraclegraalvmMatch19.3.5enterprise

oraclegraalvmMatch20.3.1.2enterprise

oraclegraalvmMatch21.0.0.2enterprise

oraclejd_edwards_enterpriseone_toolsRange<9.2.6.0

oraclejd_edwards_world_securityMatcha9.4

oraclemysql_connectorsRange≤8.0.23

oraclemysql_serverRange≤5.7.33

oraclemysql_serverRange8.0.15–8.0.23

oraclemysql_workbenchRange≤8.0.23

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oracleprimavera_unifierMatch21.12

oraclesecure_backupRange<18.1.0.1.0

oraclesecure_global_desktopMatch5.6

oraclezfs_storage_appliance_kitMatch8.8

Node

sonicwallsma100_firmwareRange10.2.0.0–10.2.1.0-17sv

AND

sonicwallsma100Match-

Node

sonicwallcapture_clientMatch3.5

sonicwallsonicosMatch7.0.1.0

Node

siemensruggedcom_rcm1224_firmwareRange6.2≥

AND

siemensruggedcom_rcm1224Match-

Node

siemensscalance_lpe9403_firmware

AND

siemensscalance_lpe9403Match-

Node

siemensscalance_m-800_firmwareRange6.2≥

AND

siemensscalance_m-800Match-

Node

siemensscalance_s602_firmwareRange4.1≥

AND

siemensscalance_s602Match-

Node

siemensscalance_s612_firmwareRange4.1≥

AND

siemensscalance_s612Match-

Node

siemensscalance_s615_firmwareRange6.2≥

AND

siemensscalance_s615Match-

Node

siemensscalance_s623_firmwareRange4.1≥

AND

siemensscalance_s623Match-

Node

siemensscalance_s627-2m_firmwareRange4.1≥

AND

siemensscalance_s627-2mMatch-

Node

siemensscalance_sc-600_firmwareRange2.0≥

AND

siemensscalance_sc-600Match-

Node

siemensscalance_w700_firmwareRange6.5≥

AND

siemensscalance_w700Match-

Node

siemensscalance_w1700_firmwareRange2.0≥

AND

siemensscalance_w1700Match-

Node

siemensscalance_xb-200_firmwareRange<4.3

AND

siemensscalance_xb-200Match-

Node

siemensscalance_xc-200Match-

AND

siemensscalance_xc-200_firmwareRange<4.3

Node

siemensscalance_xf-200baMatch-

AND

siemensscalance_xf-200ba_firmwareRange<4.3

Node

siemensscalance_xm-400Match-

AND

siemensscalance_xm-400_firmwareRange<6.4

Node

siemensscalance_xp-200Match-

AND

siemensscalance_xp-200_firmwareRange<4.3

Node

siemensscalance_xr-300wgMatch-

AND

siemensscalance_xr-300wg_firmwareRange<4.3

Node

siemensscalance_xr524-8cMatch-

AND

siemensscalance_xr524-8c_firmwareRange<6.4

Node

siemensscalance_xr526-8cMatch-

AND

siemensscalance_xr526-8c_firmwareRange<6.4

Node

siemensscalance_xr528-6mMatch-

AND

siemensscalance_xr528-6m_firmwareRange<6.4

Node

siemensscalance_xr552-12_firmwareRange<6.4

AND

siemensscalance_xr552-12Match-

Node

siemenssimatic_cloud_connect_7_firmwareRange1.1≥

siemenssimatic_cloud_connect_7_firmwareMatch-

AND

siemenssimatic_cloud_connect_7Match-

Node

siemenssimatic_cp_1242-7_gprs_v2_firmwareRange3.1≥

siemenssimatic_cp_1242-7_gprs_v2_firmwareMatch-

AND

siemenssimatic_cp_1242-7_gprs_v2Match-

Node

siemenssimatic_hmi_basic_panels_2nd_generation_firmware

AND

siemenssimatic_hmi_basic_panels_2nd_generationMatch-

Node

siemenssimatic_hmi_comfort_outdoor_panels_firmware

AND

siemenssimatic_hmi_comfort_outdoor_panelsMatch-

Node

siemenssimatic_hmi_ktp_mobile_panels_firmware

AND

siemenssimatic_hmi_ktp_mobile_panelsMatch-

Node

siemenssimatic_mv500_firmware

AND

siemenssimatic_mv500Match-

Node

siemenssimatic_net_cp_1243-1_firmwareRange3.1≥

AND

siemenssimatic_net_cp_1243-1Match-

Node

siemenssimatic_net_cp1243-7_lte_eu_firmwareRange3.1≥

AND

siemenssimatic_net_cp1243-7_lte_euMatch-

Node

siemenssimatic_net_cp1243-7_lte_us_firmwareRange3.1≥

AND

siemenssimatic_net_cp1243-7_lte_usMatch-

Node

siemenssimatic_net_cp_1243-8_irc_firmwareRange3.1≥

AND

siemenssimatic_net_cp_1243-8_ircMatch-

Node

siemenssimatic_net_cp_1542sp-1_irc_firmwareRange2.1≥

AND

siemenssimatic_net_cp_1542sp-1_ircMatch-

Node

siemenssimatic_net_cp_1543-1_firmwareRange2.2–3.0

AND

siemenssimatic_net_cp_1543-1Match-

Node

siemenssimatic_net_cp_1543sp-1_firmwareRange2.1≥

AND

siemenssimatic_net_cp_1543sp-1Match-

Node

siemenssimatic_net_cp_1545-1_firmwareRange1.0≥

AND

siemenssimatic_net_cp_1545-1Match-

Node

siemenssimatic_pcs_7_telecontrol_firmware

AND

siemenssimatic_pcs_7_telecontrolMatch-

Node

siemenssimatic_pcs_neo_firmware

AND

siemenssimatic_pcs_neoMatch-

Node

siemenssimatic_pdm_firmwareRange9.1.0.7≥

AND

siemenssimatic_pdmMatch-

Node

siemenssimatic_process_historian_opc_ua_server_firmwareRange2019≥

AND

siemenssimatic_process_historian_opc_ua_serverMatch-

Node

siemenssimatic_rf166c_firmware

AND

siemenssimatic_rf166cMatch-

Node

siemenssimatic_rf185c_firmware

AND

siemenssimatic_rf185cMatch-

Node

siemenssimatic_rf186c_firmware

AND

siemenssimatic_rf186cMatch-

Node

siemenssimatic_rf186ci_firmware

AND

siemenssimatic_rf186ciMatch-

Node

siemenssimatic_rf188c_firmware

AND

siemenssimatic_rf188cMatch-

Node

siemenssimatic_rf188ci_firmware

AND

siemenssimatic_rf188ciMatch-

Node

siemenssimatic_rf360r_firmware

AND

siemenssimatic_rf360rMatch-

Node

siemenssimatic_s7-1200_cpu_1211c_firmware

AND

siemenssimatic_s7-1200_cpu_1211cMatch-

Node

siemenssimatic_s7-1200_cpu_1212c_firmware

AND

siemenssimatic_s7-1200_cpu_1212cMatch-

Node

siemenssimatic_s7-1200_cpu_1212fc_firmware

AND

siemenssimatic_s7-1200_cpu_1212fcMatch-

Node

siemenssimatic_s7-1200_cpu_1214_fc_firmware

AND

siemenssimatic_s7-1200_cpu_1214_fcMatch-

Node

siemenssimatic_s7-1200_cpu_1214c_firmware

AND

siemenssimatic_s7-1200_cpu_1214cMatch-

Node

siemenssimatic_s7-1200_cpu_1214_fc_firmware

AND

siemenssimatic_s7-1200_cpu_1214_fcMatch-

Node

siemenssimatic_s7-1200_cpu_1215_fc_firmware

AND

siemenssimatic_s7-1200_cpu_1215_fcMatch-

Node

siemenssimatic_s7-1200_cpu_1215c_firmware

AND

siemenssimatic_s7-1200_cpu_1215cMatch-

Node

siemenssimatic_s7-1200_cpu_1217c_firmware

AND

siemenssimatic_s7-1200_cpu_1217cMatch-

Node

siemenssimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware

AND

siemenssimatic_s7-1500_cpu_1518-4_pn\/dp_mfpMatch-

Node

siemenssinamics_connect_300_firmware

AND

siemenssinamics_connect_300Match-

Node

siemenstim_1531_irc_firmwareRange2.0–2.2

AND

siemenstim_1531_ircMatch-

Node

siemenssimatic_logonRange1.6.0.2≥

siemenssimatic_logonMatch1.5sp3_update_1

siemenssimatic_wincc_runtime_advanced

siemenssimatic_wincc_telecontrolMatch-

siemenssinec_nmsMatch1.0-

siemenssinec_nmsMatch1.0sp1

siemenssinec_pniMatch-

siemenssinema_serverMatch14.0-

siemenssinema_serverMatch14.0sp1

siemenssinema_serverMatch14.0sp2

siemenssinema_serverMatch14.0sp2_update1

siemenssinema_serverMatch14.0sp2_update2

siemenssinumerik_opc_ua_server

siemenstia_administrator

Node

siemenssinec_infrastructure_network_servicesRange<1.0.1.1

Node

nodejsnode.jsRange10.0.0–10.12.0-

nodejsnode.jsRange10.13.0–10.24.0lts

nodejsnode.jsRange12.0.0–12.12.0-

nodejsnode.jsRange12.13.0–12.22.1lts

nodejsnode.jsRange14.0.0–14.14.0-

nodejsnode.jsRange14.15.0–14.16.1lts

nodejsnode.jsRange15.0.0–15.14.0-

CPENameOperatorVersion
openssl:opensslopenssllt1.1.1k

CPE	Name	Operator	Version
openssl:openssl	openssl	lt	1.1.1k

CNA Affected

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)"
      }
    ]
  }
]