Attacker Value
Moderate
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
3

OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449

Disclosure Date: March 25, 2021
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Add Assessment

4
Ratings
Technical Analysis

The exploitation of this vulnerability would be most easily accomplished using a patched version of OpenSSL to modify the extensions sent within the ClientHello of the renegotiation. Successful exploitation of this vulnerability is likely limited to a Denial of Service condition. Allocating and setting the contents of the NULL page is extremely unlikely from the vantage point of a remote attacker.

The following patch can be applied to OpenSSL 1.1.1k (commit fd78df59) to generate a build capable of reproducing the vulnerability.

index ce8a75794c..3e3f774dab 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -272,7 +272,7 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
         return EXT_RETURN_NOT_SENT;
 
     salglen = tls12_get_psigalgs(s, 1, &salg);
-    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
+    if (!WPACKET_put_bytes_u16(pkt, (s->renegotiate ? TLSEXT_TYPE_signature_algorithms_cert : TLSEXT_TYPE_signature_algorithms))
                /* Sub-packet for sig-algs extension */
             || !WPACKET_start_sub_packet_u16(pkt)
                /* Sub-packet for the actual list */

What this change is doing is swapping the signature_algorithms extension for signature_algorithms_cert when the SSL context is renegotiating.

With a patched version of OpenSSL built, run the openssl client, specifying TLS version 1.2 and renegotiate.

echo R | apps/openssl s_client -connect target:443 -msg -tls1_2
CVSS V3 Severity and Metrics
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • checkpoint,
  • debian,
  • fedoraproject,
  • freebsd,
  • mcafee,
  • netapp,
  • nodejs,
  • openssl,
  • oracle,
  • siemens,
  • sonicwall,
  • tenable

Products

  • active iq unified manager -,
  • capture client 3.5,
  • cloud volumes ontap mediator -,
  • communications communications policy management 12.6.0.0.0,
  • debian linux 10.0,
  • debian linux 9.0,
  • e-series performance analyzer -,
  • enterprise manager for storage management 13.4.0.0,
  • essbase 21.2,
  • fedora 34,
  • freebsd 12.2,
  • graalvm 19.3.5,
  • graalvm 20.3.1.2,
  • graalvm 21.0.0.2,
  • jd edwards enterpriseone tools,
  • jd edwards world security a9.4,
  • log correlation engine,
  • multi-domain management firmware r80.40,
  • multi-domain management firmware r81,
  • mysql connectors,
  • mysql server,
  • mysql workbench,
  • nessus,
  • nessus network monitor 5.11.0,
  • nessus network monitor 5.11.1,
  • nessus network monitor 5.12.0,
  • nessus network monitor 5.12.1,
  • nessus network monitor 5.13.0,
  • node.js,
  • oncommand insight -,
  • oncommand workflow automation -,
  • ontap select deploy administration utility -,
  • openssl,
  • peoplesoft enterprise peopletools 8.57,
  • peoplesoft enterprise peopletools 8.58,
  • peoplesoft enterprise peopletools 8.59,
  • primavera unifier,
  • primavera unifier 19.12,
  • primavera unifier 20.12,
  • primavera unifier 21.12,
  • quantum security gateway firmware r80.40,
  • quantum security gateway firmware r81,
  • quantum security management firmware r80.40,
  • quantum security management firmware r81,
  • ruggedcom rcm1224 firmware,
  • santricity smi-s provider -,
  • scalance lpe9403 firmware,
  • scalance m-800 firmware,
  • scalance s602 firmware,
  • scalance s612 firmware,
  • scalance s615 firmware,
  • scalance s623 firmware,
  • scalance s627-2m firmware,
  • scalance sc-600 firmware,
  • scalance w1700 firmware,
  • scalance w700 firmware,
  • scalance xb-200 firmware,
  • scalance xc-200 firmware,
  • scalance xf-200ba firmware,
  • scalance xm-400 firmware,
  • scalance xp-200 firmware,
  • scalance xr-300wg firmware,
  • scalance xr524-8c firmware,
  • scalance xr526-8c firmware,
  • scalance xr528-6m firmware,
  • scalance xr552-12 firmware,
  • secure backup,
  • secure global desktop 5.6,
  • simatic cloud connect 7 firmware,
  • simatic cloud connect 7 firmware -,
  • simatic cp 1242-7 gprs v2 firmware,
  • simatic cp 1242-7 gprs v2 firmware -,
  • simatic hmi basic panels 2nd generation firmware,
  • simatic hmi comfort outdoor panels firmware,
  • simatic hmi ktp mobile panels firmware,
  • simatic logon,
  • simatic logon 1.5,
  • simatic mv500 firmware,
  • simatic net cp 1243-1 firmware,
  • simatic net cp 1243-8 irc firmware,
  • simatic net cp 1542sp-1 irc firmware,
  • simatic net cp 1543-1 firmware,
  • simatic net cp 1543sp-1 firmware,
  • simatic net cp 1545-1 firmware,
  • simatic net cp1243-7 lte eu firmware,
  • simatic net cp1243-7 lte us firmware,
  • simatic pcs 7 telecontrol firmware,
  • simatic pcs neo firmware,
  • simatic pdm firmware,
  • simatic process historian opc ua server firmware,
  • simatic rf166c firmware,
  • simatic rf185c firmware,
  • simatic rf186c firmware,
  • simatic rf186ci firmware,
  • simatic rf188c firmware,
  • simatic rf188ci firmware,
  • simatic rf360r firmware,
  • simatic s7-1200 cpu 1211c firmware,
  • simatic s7-1200 cpu 1212c firmware,
  • simatic s7-1200 cpu 1212fc firmware,
  • simatic s7-1200 cpu 1214 fc firmware,
  • simatic s7-1200 cpu 1214c firmware,
  • simatic s7-1200 cpu 1215 fc firmware,
  • simatic s7-1200 cpu 1215c firmware,
  • simatic s7-1200 cpu 1217c firmware,
  • simatic s7-1500 cpu 1518-4 pn/dp mfp firmware,
  • simatic wincc runtime advanced,
  • simatic wincc telecontrol -,
  • sinamics connect 300 firmware,
  • sinec infrastructure network services,
  • sinec nms 1.0,
  • sinec pni -,
  • sinema server 14.0,
  • sinumerik opc ua server,
  • sma100 firmware,
  • snapcenter -,
  • sonicos 7.0.1.0,
  • storagegrid -,
  • tenable.sc,
  • tia administrator,
  • tim 1531 irc firmware,
  • web gateway 10.1.1,
  • web gateway 8.2.19,
  • web gateway 9.2.10,
  • web gateway cloud service 10.1.1,
  • web gateway cloud service 8.2.19,
  • web gateway cloud service 9.2.10,
  • zfs storage appliance kit 8.8

References

Advisory

Additional Info

Technical Analysis

Description

A denial-of-service condition exists in the default renegotiation configuration of TLSv1.2, triggered by malicious ClientHello requests.

Affected versions include:

  • All OpenSSL 1.1.1 versions are affected by this issue

Guidance

Organizations that develop products or services that utilize OpenSSL should integrate the fixes as soon as possible.

Organizations that use products that have embedded OpenSSL should monitor their vendor patch releases to see if they are affected and patch according to your normal priority patch window cycle unless you are running very sensitive applications in need of a very high level of CA assurance (CVE-2021-3450) or have internet-facing systems that could be targeted with hard-to-detect application-level denial-of-service attacks (CVE-2021-3449)