CVE-2021-23841: Null Pointer Dereference
First published: Tue Feb 16 2021(Updated: )
WebRTC. A null pointer dereference was addressed with improved input validation.
Credit: Tavis Ormandy GoogleTavis Ormandy GoogleTavis Ormandy GoogleTavis Ormandy GoogleTavis Ormandy GoogleTavis Ormandy Google openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-apr | <0:1.6.3-107.el8 | 0:1.6.3-107.el8 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.el8 | 0:1.6.1-84.el8 |
| redhat/jbcs-httpd24-curl | <0:7.78.0-2.el8 | 0:7.78.0-2.el8 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-78.el8 | 0:2.4.37-78.el8 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.el8 | 0:1.39.2-39.el8 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.el8 | 1:1.1.1g-8.el8 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.el8 | 0:1.0.0-7.el8 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.el8 | 0:0.4.10-22.el8 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-107.jbcs.el7 | 0:1.6.3-107.jbcs.el7 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.jbcs.el7 | 0:1.6.1-84.jbcs.el7 |
| redhat/jbcs-httpd24-curl | <0:7.78.0-2.jbcs.el7 | 0:7.78.0-2.jbcs.el7 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-78.jbcs.el7 | 0:2.4.37-78.jbcs.el7 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.jbcs.el7 | 0:1.39.2-39.jbcs.el7 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.jbcs.el7 | 1:1.1.1g-8.jbcs.el7 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.jbcs.el7 | 0:1.0.0-7.jbcs.el7 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.jbcs.el7 | 0:0.4.10-22.jbcs.el7 |
| redhat/openssl | <1:1.0.2k-22.el7_9 | 1:1.0.2k-22.el7_9 |
| redhat/edk2 | <0:20210527gite1999b264f1f-3.el8 | 0:20210527gite1999b264f1f-3.el8 |
| redhat/openssl | <1:1.1.1k-4.el8 | 1:1.1.1k-4.el8 |
| redhat/jws5-tomcat | <0:9.0.50-3.redhat_00004.1.el7 | 0:9.0.50-3.redhat_00004.1.el7 |
| redhat/jws5-tomcat-native | <0:1.2.30-3.redhat_3.el7 | 0:1.2.30-3.redhat_3.el7 |
| redhat/jws5-tomcat-vault | <0:1.1.8-4.Final_redhat_00004.1.el7 | 0:1.1.8-4.Final_redhat_00004.1.el7 |
| redhat/jws5-tomcat | <0:9.0.50-3.redhat_00004.1.el8 | 0:9.0.50-3.redhat_00004.1.el8 |
| redhat/jws5-tomcat-native | <0:1.2.30-3.redhat_3.el8 | 0:1.2.30-3.redhat_3.el8 |
| redhat/jws5-tomcat-vault | <0:1.1.8-4.Final_redhat_00004.1.el8 | 0:1.1.8-4.Final_redhat_00004.1.el8 |
| Apple Safari | <14.1.1 | 14.1.1 |
| debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u2 3.1.4-2 | |
| Apple macOS Big Sur | <11.4 | 11.4 |
| redhat/openssl | <1.1.1 | 1.1.1 |
| redhat/openssl | <1.0.2 | 1.0.2 |
| IBM Cognos Analytics | <=12.0.0-12.0.1 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
| IBM Cognos Analytics | <=11.1.1-11.1.7 FP7 | |
| Apple iOS | <14.6 | 14.6 |
| Apple iPadOS | <14.6 | 14.6 |
| OpenSSL OpenSSL | >=1.0.2<1.0.2y | |
| OpenSSL OpenSSL | >=1.1.1<1.1.1j | |
| Debian Debian Linux | =10.0 | |
| Tenable Nessus Network Monitor | =5.11.0 | |
| Tenable Nessus Network Monitor | =5.11.1 | |
| Tenable Nessus Network Monitor | =5.12.0 | |
| Tenable Nessus Network Monitor | =5.12.1 | |
| Tenable Nessus Network Monitor | =5.13.0 | |
| Tenable Tenable.sc | >=5.13.0<=5.17.0 | |
| Apple Safari | <14.1.1 | |
| Apple iPadOS | <14.6 | |
| Apple iPhone OS | <14.6 | |
| Apple macOS | >=11.1<11.4 | |
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Snapcenter | ||
| Oracle Business Intelligence | =5.5.0.0.0 | |
| Oracle Business Intelligence | =5.9.0.0.0 | |
| Oracle Business Intelligence | =12.2.1.3.0 | |
| Oracle Business Intelligence | =12.2.1.4.0 | |
| Oracle Communications Cloud Native Core Policy | =1.15.0 | |
| Oracle Enterprise Manager For Storage Management | =13.4.0.0 | |
| Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
| Oracle Essbase | =21.2 | |
| Oracle GraalVM | =19.3.5 | |
| Oracle GraalVM | =20.3.1.2 | |
| Oracle GraalVM | =21.0.0.2 | |
| Oracle Jd Edwards World Security | =a9.4 | |
| Oracle Mysql Enterprise Monitor | <8.0.23 | |
| Oracle Mysql Server | <5.7.33 | |
| Oracle Mysql Server | >=8.0.15<8.0.23 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| Siemens Sinec Ins | <1.0 | |
| Siemens Sinec Ins | =1.0 | |
| Siemens Sinec Ins | =1.0-sp1 |
Remedy
As per upstream "The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources."
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-23841 https://nvd.nist.gov/vuln/detail/CVE-2021-23841 https://www.openssl.org/news/secadv/20210216.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1930310
- https://access.redhat.com/errata/RHSA-2021:4614
- https://access.redhat.com/errata/RHSA-2021:3016
- https://access.redhat.com/errata/RHSA-2021:3798
- https://access.redhat.com/errata/RHSA-2021:4198
- https://access.redhat.com/errata/RHSA-2021:4424
- https://access.redhat.com/errata/RHSA-2021:4613
- https://access.redhat.com/errata/RHSA-2021:4863
- https://access.redhat.com/errata/RHSA-2021:4861
- https://access.redhat.com/security/cve/cve-2021-23841
- https://support.apple.com/en-us/HT212534 (Advisory)
- http://seclists.org/fulldisclosure/2021/May/67
- http://seclists.org/fulldisclosure/2021/May/68
- http://seclists.org/fulldisclosure/2021/May/70
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
- https://security.gentoo.org/glsa/202103-03
- https://security.netapp.com/advisory/ntap-20210219-0009/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://support.apple.com/kb/HT212528
- https://support.apple.com/kb/HT212529
- https://support.apple.com/kb/HT212534
- https://www.debian.org/security/2021/dsa-4855
- https://www.openssl.org/news/secadv/20210216.txt
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.tenable.com/security/tns-2021-03
- https://www.tenable.com/security/tns-2021-09
- https://security-tracker.debian.org/tracker/CVE-2021-23841
- https://support.apple.com/en-us/HT212529 (Advisory)
- https://support.apple.com/en-us/HT212528 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930313
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930312
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930311
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930315
- https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0
- https://github.com/openssl/openssl/commit/55869f594f052561b11a2db6a7c42690051868de
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/errata/RHSA-2021:1168
- https://access.redhat.com/security/cve/cve-2021-23840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/196847
- https://www.ibm.com/support/pages/node/7123154 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30749
- CVE-2021-30734
- CVE-2021-30744
- CVE-2021-30720
- CVE-2021-30682
- CVE-2021-21779
- CVE-2021-30689
- CVE-2021-30663
- CVE-2021-23841
- CVE-2021-30698
- CVE-2021-30678
- CVE-2021-30676
- CVE-2021-30688
- CVE-2021-30669
- CVE-2021-30707
- CVE-2021-30685
- CVE-2021-30672
- CVE-2021-30681
- CVE-2021-30686
- CVE-2021-30733
- CVE-2021-30753
- CVE-2021-30727
- CVE-2021-30724
- CVE-2021-30673
- CVE-2021-30771
- CVE-2021-30755
- CVE-2021-30684
- CVE-2021-30735
- CVE-2021-30697
- CVE-2021-30710
- CVE-2021-30683
- CVE-2021-30687
- CVE-2021-30700
- CVE-2021-30701
- CVE-2021-30705
- CVE-2021-30706
- CVE-2021-30719
- CVE-2021-30728
- CVE-2021-30726
- CVE-2021-30731
- CVE-2021-30740
- CVE-2021-30704
- CVE-2021-30715
- CVE-2021-30736
- CVE-2021-30739
- CVE-2021-30703
- CVE-2021-30680
- CVE-2021-30677
- CVE-2021-30702
- CVE-2021-30696
- CVE-2021-30756
- CVE-2021-30723
- CVE-2021-30691
- CVE-2021-30692
- CVE-2021-30694
- CVE-2021-30725
- CVE-2021-30746
- CVE-2021-30693
- CVE-2021-30695
- CVE-2021-30708
- CVE-2021-30709
- CVE-2021-30679
- CVE-2020-36226
- CVE-2020-36227
- CVE-2020-36223
- CVE-2020-36224
- CVE-2020-36225
- CVE-2020-36221
- CVE-2020-36228
- CVE-2020-36222
- CVE-2020-36230
- CVE-2020-36229
- CVE-2021-30738
- CVE-2021-30751
- CVE-2021-30737
- CVE-2021-30716
- CVE-2021-30717
- CVE-2021-30721
- CVE-2021-30722
- CVE-2021-30712
- CVE-2021-30668
- CVE-2021-30718
- CVE-2021-30671
- CVE-2021-30713
- CVE-2021-30714
- CVE-2021-30729
- CVE-2021-30674
- CVE-2021-30741
- CVE-2021-1821
- CVE-2021-30699
- CVE-2021-30999
- CVE-2021-30667
Frequently Asked Questions
What is CVE-2021-23841?
CVE-2021-23841 is a vulnerability that involves a null pointer dereference in the OpenSSL public API function X509_issuer_and_serial_hash().
What is the severity of CVE-2021-23841?
The severity of CVE-2021-23841 is medium with a CVSS score of 5.9.
How does CVE-2021-23841 affect Safari?
CVE-2021-23841 may affect Safari users, but it is recommended to refer to Apple's support page for specific information and remedies.
How do I fix CVE-2021-23841 on Red Hat products?
To fix CVE-2021-23841 on Red Hat products, update the affected packages to the specified versions provided by Red Hat.
What are the references for CVE-2021-23841?
The references for CVE-2021-23841 can be found at the following URLs: 1. [Apple Support - HT212529](https://support.apple.com/en-us/HT212529) 2. [Apple Support - HT212534](https://support.apple.com/en-us/HT212534) 3. [Apple Support - HT212528](https://support.apple.com/en-us/HT212528)
- collector/redhat-cve
- collector/apple-support
- alias/CVE-2021-30698
- collector/security-tracker-debian
- agent/first-publish-date
- agent/type
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-23841
- agent/software-canonical-lookup
- agent/event
- agent/references
- agent/weakness
- collector/ibm-support
- source/IBM
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/apple
- canonical/apple safari
- package-manager/debian
- canonical/apple macos big sur
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.1
- version/ibm cognos analytics/11.2.0-11.2.4 fp2
- version/ibm cognos analytics/11.1.1-11.1.7 fp7
- canonical/apple ios
- canonical/apple ipados
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.0.2
- version/openssl openssl/1.1.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/tenable
- canonical/tenable nessus network monitor
- version/tenable nessus network monitor/5.11.0
- version/tenable nessus network monitor/5.11.1
- version/tenable nessus network monitor/5.12.0
- version/tenable nessus network monitor/5.12.1
- version/tenable nessus network monitor/5.13.0
- canonical/tenable tenable.sc
- version/tenable tenable.sc/5.13.0
- version/tenable tenable.sc/5.17.0
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/11.1
- vendor/netapp
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp snapcenter
- vendor/oracle
- canonical/oracle business intelligence
- version/oracle business intelligence/5.5.0.0.0
- version/oracle business intelligence/5.9.0.0.0
- version/oracle business intelligence/12.2.1.3.0
- version/oracle business intelligence/12.2.1.4.0
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.15.0
- canonical/oracle enterprise manager for storage management
- version/oracle enterprise manager for storage management/13.4.0.0
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.4.0.0
- canonical/oracle essbase
- version/oracle essbase/21.2
- canonical/oracle graalvm
- version/oracle graalvm/19.3.5
- version/oracle graalvm/20.3.1.2
- version/oracle graalvm/21.0.0.2
- canonical/oracle jd edwards world security
- version/oracle jd edwards world security/a9.4
- canonical/oracle mysql enterprise monitor
- canonical/oracle mysql server
- version/oracle mysql server/8.0.15
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- version/oracle peoplesoft enterprise peopletools/8.59
- canonical/oracle zfs storage appliance kit
- version/oracle zfs storage appliance kit/8.8
- vendor/siemens
- canonical/siemens sinec ins
- version/siemens sinec ins/1.0
- version/siemens sinec ins/1.0-sp1