CVE-2021-3449
5.9 MEDIUMAn OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client
Published: 2021-03-25 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 5.9 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-476
Affected products
| Vendor | Product |
|---|---|
| checkpoint | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| debian | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| fedoraproject | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| freebsd | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| mcafee | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| netapp | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| nodejs | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| openssl | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| oracle | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| siemens | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| sonicwall | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
| tenable | active_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator |
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3449
- [Other]http://www.openwall.com/lists/oss-security/2021/03/27/1
- [Other]http://www.openwall.com/lists/oss-security/2021/03/27/2
- [Other]http://www.openwall.com/lists/oss-security/2021/03/28/3
- [Other]http://www.openwall.com/lists/oss-security/2021/03/28/4
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
- [Other]https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
- [Other]https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
- [Other]https://kc.mcafee.com/corporate/index?page=content&id=SB10356
- [Other]https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
- [Other]https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
- [Other]https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
- [Other]https://security.gentoo.org/glsa/202103-03
- [Other]https://security.netapp.com/advisory/ntap-20210326-0006/
- [Other]https://security.netapp.com/advisory/ntap-20210513-0002/
- [Other]https://security.netapp.com/advisory/ntap-20240621-0006/
- [Other]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
- [Other]https://www.debian.org/security/2021/dsa-4875
- [Vendor advisory]https://www.openssl.org/news/secadv/20210325.txt
- [Patch]https://www.oracle.com//security-alerts/cpujul2021.html
- [Patch]https://www.oracle.com/security-alerts/cpuApr2021.html
- [Patch]https://www.oracle.com/security-alerts/cpuapr2022.html
- [Other]https://www.oracle.com/security-alerts/cpujul2022.html
- [Other]https://www.oracle.com/security-alerts/cpuoct2021.html
- [Other]https://www.tenable.com/security/tns-2021-05
- [Other]https://www.tenable.com/security/tns-2021-06
- [Other]https://www.tenable.com/security/tns-2021-09
- [Other]https://www.tenable.com/security/tns-2021-10
- [Other]http://www.openwall.com/lists/oss-security/2021/03/27/1
- [Other]http://www.openwall.com/lists/oss-security/2021/03/27/2
- [Other]http://www.openwall.com/lists/oss-security/2021/03/28/3
- [Other]http://www.openwall.com/lists/oss-security/2021/03/28/4
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
- [Other]https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
- [Other]https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
- [Other]https://kc.mcafee.com/corporate/index?page=content&id=SB10356
- [Other]https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
- [Other]https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
- [Other]https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
- [Other]https://security.gentoo.org/glsa/202103-03
- [Other]https://security.netapp.com/advisory/ntap-20210326-0006/
- [Other]https://security.netapp.com/advisory/ntap-20210513-0002/
- [Other]https://security.netapp.com/advisory/ntap-20240621-0006/
- [Other]https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
- [Other]https://www.debian.org/security/2021/dsa-4875
- [Vendor advisory]https://www.openssl.org/news/secadv/20210325.txt
- [Patch]https://www.oracle.com//security-alerts/cpujul2021.html
- [Patch]https://www.oracle.com/security-alerts/cpuApr2021.html
- [Patch]https://www.oracle.com/security-alerts/cpuapr2022.html
- [Other]https://www.oracle.com/security-alerts/cpujul2022.html
- [Other]https://www.oracle.com/security-alerts/cpuoct2021.html
- [Other]https://www.tenable.com/security/tns-2021-05
- [Other]https://www.tenable.com/security/tns-2021-06
- [Other]https://www.tenable.com/security/tns-2021-09
- [Other]https://www.tenable.com/security/tns-2021-10
Related CVEs
Same vendor
- CVE-2026-35273 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
- CVE-2026-9076 — Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen s... (7.5 HIGH)
- CVE-2026-7383 — Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a hea... (8.1 HIGH)
- CVE-2026-45447 — Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification (8.8 HIGH)
- CVE-2026-45446 — Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authe... (4.8 MEDIUM)
Same CWE
- CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
- CVE-2025-70102 — A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options (6.3 MEDIUM)
- CVE-2025-55663 — A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Den... (5.5 MEDIUM)
- CVE-2025-55649 — A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a De... (5.5 MEDIUM)
- CVE-2025-55643 — A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Den... (5.5 MEDIUM)