CVE-2021-3449
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, a NULL pointer dereference results, leading to a crash and a denial of service. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions from 1.1.1 through 1.1.1j are affected; users of these versions should upgrade to OpenSSL 1.1.1k, which contains the fix. OpenSSL 1.0.2 is not impacted by this issue.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in MySQL 8.0.23 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 1.1.1 | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (x64) (12.22.1) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (12.22.1) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (x64) (12.22.10) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (12.22.10) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (x64) (12.22.11) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (12.22.11) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (x64) (12.22.12) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 12 (12.22.12) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 14 (x64) (14.16.1) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 14 (14.16.1) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 10 (10.24.1) | Windows |
| Vulnerabilities CVE-2021-3450,CVE-2021-3449,CVE-2020-7774 are fixed in Node.js 15.14.0 | Windows |
| Vulnerabilities CVE-2021-3449,CVE-2021-3450 are affected in Nessus Agent (x64) 8.12.1 | Windows |
| Vulnerabilities CVE-2021-3449,CVE-2021-3450 are affected in Nessus Agent 8.12.1 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Community 2017 15.9.40 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Enterprise 2017 15.9.40 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Professional 2017 15.9.40 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Community 2019 16.9.12 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Community 2019 16.7.20 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Community 2019 16.4.27 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Community 2019 16.11.5 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Enterprise 2019 16.9.12 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Enterprise 2019 16.7.20 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Enterprise 2019 16.4.27 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Enterprise 2019 16.11.5 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Professional 2019 16.9.12 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Professional 2019 16.7.20 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Professional 2019 16.4.27 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Professional 2019 16.11.5 | Windows |
| Multiple vulnerabilities are affected in MySQL 5.7.33 | Windows |
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 6.6.3 | Windows |
| Vulnerabilities CVE-2021-3449,CVE-2021-3450 are fixed in Nessus 8.13.2 | Windows |
| Vulnerabilities CVE-2021-3449,CVE-2021-3450 are fixed in Tenable Nessus 8.13.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation - | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple Vulnerabilities are affected in Siemens SINEC NMS 1.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Nessus Network Monitor 5.13.0 | Windows |
| Multiple Vulnerabilities are affected in Nessus Network Monitor 5.11.0 | Windows |
| Multiple Vulnerabilities are affected in Nessus Network Monitor 5.11.1 | Windows |
| Multiple Vulnerabilities are affected in Nessus Network Monitor 5.12.0 | Windows |
| Vulnerabilities CVE-2021-23840,CVE-2021-23841,CVE-2021-3449,CVE-2021-3450 are affected in Nessus Network Monitor 5.12.1 | Windows |
| Vulnerabilities CVE-2021-3449,CVE-2021-41057 are affected in Siemens SIMATIC PCS neo 2.3 | Windows |
| Vulnerabilities CVE-2021-3449 are affected in Siemens SINEC NMS 1.0.sp1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.1.0 | Windows |
| openssl security update(DSA-4875-1) openssl_1.1.1d-0+deb10u6_i386.deb | Linux |
| openssl security update(DSA-4875-1) openssl_1.1.1d-0+deb10u6_amd64.deb | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-1.1.1d-2.33.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-32bit-1.1.1d-2.33.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-1.1.1d-2.33.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-32bit-1.1.1d-2.33.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-1.1.1d-2.33.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debuginfo-1.1.1d-2.33.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0954-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debugsource-1.1.1d-2.33.1.x86_64.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-debugsource-1.1.1g-15.el8_3.i686.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-debugsource-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-devel-1.1.1g-15.el8_3.i686.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-devel-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-libs-1.1.1g-15.el8_3.i686.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-libs-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| (RHSA-2021:1024) openssl security update openssl-perl-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4891-1) libssl1.1_1.1.1f-1ubuntu2.3_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4891-1) libssl1.1_1.1.1f-1ubuntu2.3_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4891-1) libssl1.1_1.1.1f-1ubuntu4.3_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4891-1) libssl1.1_1.1.1f-1ubuntu4.3_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4891-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.9_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4891-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.9_amd64.deb | Linux |
| Openssl update (ELSA-2021-1024) openssl-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2021-1024) openssl-devel-1.1.1g-15.el8_3.i686.rpm | Linux |
| Openssl-devel update (ELSA-2021-1024) openssl-devel-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2021-1024) openssl-libs-1.1.1g-15.el8_3.i686.rpm | Linux |
| Openssl-libs update (ELSA-2021-1024) openssl-libs-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2021-1024) openssl-perl-1.1.1g-15.el8_3.x86_64.rpm | Linux |
| Object-relational SQL database (USN-5038-1) postgresql-10_10.18-0ubuntu0.18.04.1_i386.deb | Linux |
| Object-relational SQL database (USN-5038-1) postgresql-10_10.18-0ubuntu0.18.04.1_amd64.deb | Linux |
| Object-relational SQL database (USN-5038-1) postgresql-12_12.8-0ubuntu0.20.04.1_i386.deb | Linux |
| Object-relational SQL database (USN-5038-1) postgresql-12_12.8-0ubuntu0.20.04.1_amd64.deb | Linux |
| Object-relational SQL database (USN-5038-1) postgresql-13_13.4-0ubuntu0.21.04.1_i386.deb | Linux |
| Object-relational SQL database (USN-5038-1) postgresql-13_13.4-0ubuntu0.21.04.1_amd64.deb | Linux |
| NULL Pointer Dereference Vulnerability (CVE-2021-3449) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-343100 | Nessus Agent (x64) (10.8.0) |
| PATCH-343099 | Nessus Agent (10.8.0) |