what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2021-3449

Status Candidate

Overview

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Related Files

Red Hat Security Advisory 2021-1131-01
Posted Apr 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1131-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3449
MD5 | ffaaa04d55e81c105c3087b9c656cbc3
Red Hat Security Advisory 2021-1063-01
Posted Apr 5, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1063-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3449
MD5 | 9efc832b1053b83fafa8fe2a8fcb4c8d
Gentoo Linux Security Advisory 202103-03
Posted Mar 31, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202103-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1k are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3450
MD5 | 07c6a7c57274c3e07d6e5c3532051d5e
Red Hat Security Advisory 2021-1024-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1024-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | ad384095ef826a0f5bc31f9f3c62eaba
Ubuntu Security Notice USN-4891-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4891-1 - It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3449
MD5 | 65dc6a577fcb68c0413c66300d99e501
OpenSSL Toolkit 1.1.1k
Posted Mar 25, 2021
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | c4e7d95f782b08116afa27b30393dd27
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close