MEDIUM✓ PATCH🇬🇧 English

CVE-2021-3449

CVSS 5.9v3.1pub. 2021-03-25upd. 2024-11-21

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Checkpoint Multi Domain Management

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Multi Domain Management Firmware

    OS
    Checkpoint
    r80.40r81
  • Checkpoint Quantum Security Gateway

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Security Gateway Firmware

    OS
    Checkpoint
    r80.40r81
  • Checkpoint Quantum Security Management

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Security Management Firmware

    OS
    Checkpoint
    r80.40r81
  • Debian

    OS
    Debian
    10.09.0
  • Fedora Project Fedora

    OS
    Fedoraproject
    34
  • Freebsd

    OS
    Freebsd
    12.2
  • Mcafee Web Gateway

    APP
    Mcafee
    10.1.18.2.199.2.10
  • Mcafee Web Gateway Cloud Service

    APP
    Mcafee
    10.1.18.2.199.2.10
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Cloud Volumes Ontap Mediator

    APP
    Netapp
    wszystkie wersje
  • Netapp E Series Performance Analyzer

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Netapp Ontap Select Deploy Administration Utility

    APP
    Netapp
    wszystkie wersje
  • Netapp Santricity Smi S Provider

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Netapp Storagegrid

    APP
    Netapp
    wszystkie wersje
  • OpenSSL

    APP
    Openssl
    1.1.1 – 1.1.1k (bez)
  • Oracle Communications Communications Policy Management

    APP
    Oracle
    12.6.0.0.0
  • Oracle Enterprise Manager For Storage Management

    APP
    Oracle
    13.4.0.0
  • Oracle Essbase

    APP
    Oracle
    21.2
  • Oracle Graalvm

    APP
    Oracle
    19.3.520.3.1.221.0.0.2
  • Oracle Jd Edwards Enterpriseone Tools

    APP
    Oracle
    < 9.2.6.0
  • Oracle Jd Edwards World Security

    APP
    Oracle
    a9.4
  • Oracle MySQL Connectors

    APP
    Oracle
    ≤ 8.0.23
  • Oracle MySQL Server

    APP
    Oracle
    8.0.15 – 8.0.23≤ 5.7.33
  • Oracle MySQL Workbench

    APP
    Oracle
    ≤ 8.0.23
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)