OpenSSL has patched two High severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 in certain OpenSSL versions. As a result, a bad actor could exploit and launch a Denial of Service attack against impacted systems.
CVE-2021-3449
OpenSSL described the “NULL pointer deref in signature_algorithms processing” vulnerability (CVE-2021-3449) in a recent security advisory:
“An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.”
Systems are only vulnerable if they have TLSv1.2 and renegotiation enabled (the default configuration). However, OpenSSL TLS clients are not impacted by this vulnerability.
All OpenSSL 1.1.1 versions are affected by this vulnerability and should be upgraded to 1.1.1k.
CVE-2021-3450
OpenSSL described the “CA certificate check bypass with X509_V_FLAG_X509_STRICT” vulnerability (CVE-2021-3450) in a recent security advisory:
“An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.”
All OpenSSL versions 1.1.1h and newer are affected by this vulnerability and should be upgraded to 1.1.1k.