5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-3449

GHSA ID

GHSA-83mx-573x-5rw9

EPSS Score

0.93752%

CWE

CWE-476

Published

8/25/2021

Updated

9/5/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-3449

CVE-2021-3449: openssl-src NULL pointer Dereference in signature_algorithms processing

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

(GitHub Advisory)

5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-3449

GHSA ID

GHSA-83mx-573x-5rw9

EPSS Score

0.93752%

CWE

CWE-476

Published

8/25/2021

Updated

9/5/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
openssl-src	rust	< 111.15.0	111.15.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The patch directly modifies the init_sig_algs function to prevent a NULL pointer dereference by initializing peer_sigalgslen to 0. This indicates that the vulnerability is related to the handling of signature algorithms during TLS renegotiation, specifically when the signature_algorithms extension is omitted but signature_algorithms_cert is present.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n Op*nSSL TLS s*rv*r m*y *r*s* i* s*nt * m*li*iously *r**t** r*n**oti*tion *li*nt**llo m*ss*** *rom * *li*nt. I* * TLSv*.* r*n**oti*tion *li*nt**llo omits t** si*n*tur*_*l*orit*ms *xt*nsion (w**r* it w*s pr*s*nt in t** initi*l *li*nt**llo), *ut in*l

Reasoning

T** p*t** *ir**tly mo*i*i*s t** init_si*_*l*s *un*tion to pr*v*nt * NULL point*r **r***r*n** *y initi*lizin* p**r_si**l*sl*n to *. T*is in*i**t*s t**t t** vuln*r**ility is r*l*t** to t** **n*lin* o* si*n*tur* *l*orit*ms *urin* TLS r*n**oti*tion, sp**

5.9

Basic Information

Concerned about an active attack path?

CVE-2021-3449: openssl-src NULL pointer Dereference in signature_algorithms processing

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI