QSearchQSearch

CVE-2021-3449

5.9 MEDIUM

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client

Published: 2021-03-25 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.9 MEDIUM
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-476

Affected products

VendorProduct
checkpointactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
debianactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
fedoraprojectactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
freebsdactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
mcafeeactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
netappactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
nodejsactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
opensslactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
oracleactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
siemensactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
sonicwallactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator
tenableactive_iq_unified_manager, capture_client, cloud_volumes_ontap_mediator

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
  • CVE-2026-9076 Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen s... (7.5 HIGH)
  • CVE-2026-7383 Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a hea... (8.1 HIGH)
  • CVE-2026-45447 Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification (8.8 HIGH)
  • CVE-2026-45446 Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authe... (4.8 MEDIUM)

Same CWE

  • CVE-2026-12329 Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
  • CVE-2025-70102 A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options (6.3 MEDIUM)
  • CVE-2025-55663 A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Den... (5.5 MEDIUM)
  • CVE-2025-55649 A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a De... (5.5 MEDIUM)
  • CVE-2025-55643 A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Den... (5.5 MEDIUM)