CVE-2021-3449: NULL pointer deref in signature_algorithms processing
First published: Thu Mar 25 2021(Updated: )
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rust/openssl-src | <111.15.0 | 111.15.0 |
| debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u1 3.0.11-1~deb12u2 3.0.11-1 3.0.12-1 | |
| OpenSSL OpenSSL | >=1.1.1<1.1.1k | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| FreeBSD FreeBSD | =12.2 | |
| FreeBSD FreeBSD | =12.2-p1 | |
| FreeBSD FreeBSD | =12.2-p2 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Volumes Ontap Mediator | ||
| Netapp E-series Performance Analyzer | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Santricity Smi-s Provider | ||
| Netapp Snapcenter | ||
| Netapp Storagegrid | ||
| Tenable Log Correlation Engine | <6.0.9 | |
| Tenable Nessus | <=8.13.1 | |
| Tenable Nessus Network Monitor | =5.11.0 | |
| Tenable Nessus Network Monitor | =5.11.1 | |
| Tenable Nessus Network Monitor | =5.12.0 | |
| Tenable Nessus Network Monitor | =5.12.1 | |
| Tenable Nessus Network Monitor | =5.13.0 | |
| Tenable Tenable.sc | >=5.13.0<=5.17.0 | |
| Fedoraproject Fedora | =34 | |
| McAfee Web Gateway | =8.2.19 | |
| McAfee Web Gateway | =9.2.10 | |
| McAfee Web Gateway | =10.1.1 | |
| Mcafee Web Gateway Cloud Service | =8.2.19 | |
| Mcafee Web Gateway Cloud Service | =9.2.10 | |
| Mcafee Web Gateway Cloud Service | =10.1.1 | |
| Checkpoint Quantum Security Management Firmware | =r80.40 | |
| Checkpoint Quantum Security Management Firmware | =r81 | |
| Checkpoint Quantum Security Management | ||
| Checkpoint Multi-domain Management Firmware | =r80.40 | |
| Checkpoint Multi-domain Management Firmware | =r81 | |
| Checkpoint Multi-domain Management | ||
| Checkpoint Quantum Security Gateway Firmware | =r80.40 | |
| Checkpoint Quantum Security Gateway Firmware | =r81 | |
| Checkpoint Quantum Security Gateway | ||
| Oracle Communications Communications Policy Management | =12.6.0.0.0 | |
| Oracle Enterprise Manager For Storage Management | =13.4.0.0 | |
| Oracle Essbase | =21.2 | |
| Oracle GraalVM | =19.3.5 | |
| Oracle GraalVM | =20.3.1.2 | |
| Oracle GraalVM | =21.0.0.2 | |
| Oracle Jd Edwards Enterpriseone Tools | <9.2.6.0 | |
| Oracle Jd Edwards World Security | =a9.4 | |
| Oracle Mysql Connectors | <=8.0.23 | |
| Oracle Mysql Server | <=5.7.33 | |
| Oracle Mysql Server | >=8.0.15<=8.0.23 | |
| Oracle Mysql Workbench | <=8.0.23 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
| Oracle Primavera Unifier | >=17.7<=17.12 | |
| Oracle Primavera Unifier | =19.12 | |
| Oracle Primavera Unifier | =20.12 | |
| Oracle Primavera Unifier | =21.12 | |
| Oracle Secure Backup | <18.1.0.1.0 | |
| Oracle Secure Global Desktop | =5.6 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| Sonicwall Sma100 Firmware | >=10.2.0.0<10.2.1.0-17sv | |
| SonicWall SMA100 | ||
| SonicWall Capture Client | =3.5 | |
| SonicWall SonicOS | =7.0.1.0 | |
| Siemens Ruggedcom Rcm1224 Firmware | >=6.2 | |
| Siemens Ruggedcom Rcm1224 | ||
| Siemens Scalance Lpe9403 Firmware | ||
| Siemens Scalance Lpe9403 | ||
| Siemens Scalance M-800 Firmware | >=6.2 | |
| Siemens SCALANCE M-800 | ||
| Siemens Scalance S602 Firmware | >=4.1 | |
| Siemens SCALANCE S602 | ||
| Siemens Scalance S612 Firmware | >=4.1 | |
| Siemens SCALANCE S612 | ||
| Siemens Scalance S615 Firmware | >=6.2 | |
| Siemens SCALANCE S615 | ||
| Siemens Scalance S623 Firmware | >=4.1 | |
| Siemens SCALANCE S623 | ||
| Siemens Scalance S627-2m Firmware | >=4.1 | |
| Siemens SCALANCE S627-2M | ||
| Siemens Scalance Sc-600 Firmware | >=2.0 | |
| Siemens SCALANCE SC-600 | ||
| Siemens Scalance W700 Firmware | >=6.5 | |
| Siemens Scalance W700 | ||
| Siemens Scalance W1700 Firmware | >=2.0 | |
| Siemens Scalance W1700 | ||
| Siemens Scalance Xb-200 Firmware | <4.3 | |
| Siemens SCALANCE XB-200 | ||
| Siemens Scalance Xc-200 Firmware | <4.3 | |
| Siemens SCALANCE XC-200 | ||
| Siemens Scalance Xf-200ba Firmware | <4.3 | |
| Siemens SCALANCE XF-200BA | ||
| Siemens Scalance Xm-400 Firmware | <6.4 | |
| Siemens Scalance Xm-400 | ||
| Siemens Scalance Xp-200 Firmware | <4.3 | |
| Siemens SCALANCE XP-200 | ||
| Siemens Scalance Xr-300wg Firmware | <4.3 | |
| Siemens SCALANCE XR-300WG | ||
| Siemens Scalance Xr524-8c Firmware | <6.4 | |
| Siemens Scalance Xr524-8c | ||
| Siemens Scalance Xr526-8c Firmware | <6.4 | |
| Siemens Scalance Xr526-8c | ||
| Siemens Scalance Xr528-6m Firmware | <6.4 | |
| Siemens Scalance Xr528-6m | ||
| Siemens Scalance Xr552-12 Firmware | <6.4 | |
| Siemens Scalance Xr552-12 | ||
| Siemens Simatic Cloud Connect 7 Firmware | >=1.1 | |
| Siemens Simatic Cloud Connect 7 Firmware | ||
| Siemens Simatic Cloud Connect 7 | ||
| Siemens Simatic Cp 1242-7 Gprs V2 Firmware | >=3.1 | |
| Siemens Simatic Cp 1242-7 Gprs V2 Firmware | ||
| Siemens SIMATIC CP 1242-7 GPRS V2 | ||
| Siemens Simatic Hmi Basic Panels 2nd Generation Firmware | ||
| Siemens Simatic Hmi Basic Panels 2nd Generation | ||
| Siemens Simatic Hmi Comfort Outdoor Panels Firmware | ||
| Siemens Simatic Hmi Comfort Outdoor Panels | ||
| Siemens Simatic Hmi Ktp Mobile Panels Firmware | ||
| Siemens Simatic Hmi Ktp Mobile Panels | ||
| Siemens Simatic Mv500 Firmware | ||
| Siemens Simatic Mv500 | ||
| Siemens Simatic Net Cp 1243-1 Firmware | >=3.1 | |
| Siemens Simatic Net Cp 1243-1 | ||
| Siemens Simatic Net Cp1243-7 Lte Eu Firmware | >=3.1 | |
| Siemens Simatic Net Cp1243-7 Lte Eu | ||
| Siemens Simatic Net Cp1243-7 Lte Us Firmware | >=3.1 | |
| Siemens Simatic Net Cp1243-7 Lte Us | ||
| Siemens Simatic Net Cp 1243-8 Irc Firmware | >=3.1 | |
| Siemens Simatic Net Cp 1243-8 Irc | ||
| Siemens Simatic Net Cp 1542sp-1 Irc Firmware | >=2.1 | |
| Siemens Simatic Net Cp 1542sp-1 Irc | ||
| Siemens Simatic Net Cp 1543-1 Firmware | >=2.2<3.0 | |
| Siemens Simatic Net Cp 1543-1 | ||
| Siemens Simatic Net Cp 1543sp-1 Firmware | >=2.1 | |
| Siemens Simatic Net Cp 1543sp-1 | ||
| Siemens Simatic Net Cp 1545-1 Firmware | >=1.0 | |
| Siemens Simatic Net Cp 1545-1 | ||
| Siemens Simatic Pcs 7 Telecontrol Firmware | ||
| Siemens Simatic Pcs 7 Telecontrol | ||
| Siemens Simatic Pcs Neo Firmware | ||
| Siemens Simatic Pcs Neo | ||
| Siemens Simatic Pdm Firmware | >=9.1.0.7 | |
| Siemens Simatic Pdm | ||
| Siemens Simatic Process Historian Opc Ua Server Firmware | >=2019 | |
| Siemens Simatic Process Historian Opc Ua Server | ||
| Siemens Simatic Rf166c Firmware | ||
| Siemens Simatic Rf166c | ||
| Siemens Simatic Rf185c Firmware | ||
| Siemens Simatic Rf185c | ||
| Siemens Simatic Rf186c Firmware | ||
| Siemens Simatic Rf186c | ||
| Siemens Simatic Rf186ci Firmware | ||
| Siemens Simatic Rf186ci | ||
| Siemens Simatic Rf188c Firmware | ||
| Siemens Simatic Rf188c | ||
| Siemens Simatic Rf188ci Firmware | ||
| Siemens Simatic Rf188ci | ||
| Siemens Simatic Rf360r Firmware | ||
| Siemens Simatic Rf360r | ||
| Siemens Simatic S7-1200 Cpu 1211c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1211c | ||
| Siemens Simatic S7-1200 Cpu 1212c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1212c | ||
| Siemens Simatic S7-1200 Cpu 1212fc Firmware | ||
| Siemens Simatic S7-1200 Cpu 1212fc | ||
| Siemens Simatic S7-1200 Cpu 1214 Fc Firmware | ||
| Siemens Simatic S7-1200 Cpu 1214 Fc | ||
| Siemens Simatic S7-1200 Cpu 1214c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1214c | ||
| Siemens Simatic S7-1200 Cpu 1215 Fc Firmware | ||
| Siemens Simatic S7-1200 Cpu 1215 Fc | ||
| Siemens Simatic S7-1200 Cpu 1215c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1215c | ||
| Siemens Simatic S7-1200 Cpu 1217c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1217c | ||
| Siemens Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp Firmware | ||
| Siemens Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp | ||
| Siemens Sinamics Connect 300 Firmware | ||
| Siemens Sinamics Connect 300 | ||
| Siemens Tim 1531 Irc Firmware | >=2.0<2.2 | |
| Siemens Tim 1531 Irc | ||
| Siemens SIMATIC Logon | >=1.6.0.2 | |
| Siemens SIMATIC Logon | =1.5-sp3_update_1 | |
| Siemens SIMATIC WinCC Runtime Advanced | ||
| Siemens Simatic Wincc Telecontrol | ||
| Siemens SINEC NMS | =1.0 | |
| Siemens SINEC NMS | =1.0-sp1 | |
| Siemens Sinec Pni | ||
| Siemens SINEMA Server | =14.0 | |
| Siemens SINEMA Server | =14.0-sp1 | |
| Siemens SINEMA Server | =14.0-sp2 | |
| Siemens SINEMA Server | =14.0-sp2_update1 | |
| Siemens SINEMA Server | =14.0-sp2_update2 | |
| Siemens Sinumerik Opc Ua Server | ||
| Siemens Tia Administrator | ||
| Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
| Nodejs Node.js | >=10.0.0<=10.12.0 | |
| Nodejs Node.js | >=10.13.0<=10.24.0 | |
| Nodejs Node.js | >=12.0.0<=12.12.0 | |
| Nodejs Node.js | >=12.13.0<12.22.1 | |
| Nodejs Node.js | >=14.0.0<=14.14.0 | |
| Nodejs Node.js | >=14.15.0<14.16.1 | |
| Nodejs Node.js | >=15.0.0<15.14.0 | |
| All of | ||
| Any of | ||
| Checkpoint Quantum Security Management Firmware | =r80.40 | |
| Checkpoint Quantum Security Management Firmware | =r81 | |
| Checkpoint Quantum Security Management | ||
| All of | ||
| Any of | ||
| Checkpoint Multi-domain Management Firmware | =r80.40 | |
| Checkpoint Multi-domain Management Firmware | =r81 | |
| Checkpoint Multi-domain Management | ||
| All of | ||
| Any of | ||
| Checkpoint Quantum Security Gateway Firmware | =r80.40 | |
| Checkpoint Quantum Security Gateway Firmware | =r81 | |
| Checkpoint Quantum Security Gateway | ||
| All of | ||
| Sonicwall Sma100 Firmware | >=10.2.0.0<10.2.1.0-17sv | |
| SonicWall SMA100 | ||
| All of | ||
| Siemens Ruggedcom Rcm1224 Firmware | >=6.2 | |
| Siemens Ruggedcom Rcm1224 | ||
| All of | ||
| Siemens Scalance Lpe9403 Firmware | ||
| Siemens Scalance Lpe9403 | ||
| All of | ||
| Siemens Scalance M-800 Firmware | >=6.2 | |
| Siemens SCALANCE M-800 | ||
| All of | ||
| Siemens Scalance S602 Firmware | >=4.1 | |
| Siemens SCALANCE S602 | ||
| All of | ||
| Siemens Scalance S612 Firmware | >=4.1 | |
| Siemens SCALANCE S612 | ||
| All of | ||
| Siemens Scalance S615 Firmware | >=6.2 | |
| Siemens SCALANCE S615 | ||
| All of | ||
| Siemens Scalance S623 Firmware | >=4.1 | |
| Siemens SCALANCE S623 | ||
| All of | ||
| Siemens Scalance S627-2m Firmware | >=4.1 | |
| Siemens SCALANCE S627-2M | ||
| All of | ||
| Siemens Scalance Sc-600 Firmware | >=2.0 | |
| Siemens SCALANCE SC-600 | ||
| All of | ||
| Siemens Scalance W700 Firmware | >=6.5 | |
| Siemens Scalance W700 | ||
| All of | ||
| Siemens Scalance W1700 Firmware | >=2.0 | |
| Siemens Scalance W1700 | ||
| All of | ||
| Siemens Scalance Xb-200 Firmware | <4.3 | |
| Siemens SCALANCE XB-200 | ||
| All of | ||
| Siemens SCALANCE XC-200 | ||
| Siemens Scalance Xc-200 Firmware | <4.3 | |
| All of | ||
| Siemens SCALANCE XF-200BA | ||
| Siemens Scalance Xf-200ba Firmware | <4.3 | |
| All of | ||
| Siemens Scalance Xm-400 | ||
| Siemens Scalance Xm-400 Firmware | <6.4 | |
| All of | ||
| Siemens SCALANCE XP-200 | ||
| Siemens Scalance Xp-200 Firmware | <4.3 | |
| All of | ||
| Siemens SCALANCE XR-300WG | ||
| Siemens Scalance Xr-300wg Firmware | <4.3 | |
| All of | ||
| Siemens Scalance Xr524-8c | ||
| Siemens Scalance Xr524-8c Firmware | <6.4 | |
| All of | ||
| Siemens Scalance Xr526-8c | ||
| Siemens Scalance Xr526-8c Firmware | <6.4 | |
| All of | ||
| Siemens Scalance Xr528-6m | ||
| Siemens Scalance Xr528-6m Firmware | <6.4 | |
| All of | ||
| Siemens Scalance Xr552-12 Firmware | <6.4 | |
| Siemens Scalance Xr552-12 | ||
| All of | ||
| Any of | ||
| Siemens Simatic Cloud Connect 7 Firmware | >=1.1 | |
| Siemens Simatic Cloud Connect 7 Firmware | ||
| Siemens Simatic Cloud Connect 7 | ||
| All of | ||
| Any of | ||
| Siemens Simatic Cp 1242-7 Gprs V2 Firmware | >=3.1 | |
| Siemens Simatic Cp 1242-7 Gprs V2 Firmware | ||
| Siemens SIMATIC CP 1242-7 GPRS V2 | ||
| All of | ||
| Siemens Simatic Hmi Basic Panels 2nd Generation Firmware | ||
| Siemens Simatic Hmi Basic Panels 2nd Generation | ||
| All of | ||
| Siemens Simatic Hmi Comfort Outdoor Panels Firmware | ||
| Siemens Simatic Hmi Comfort Outdoor Panels | ||
| All of | ||
| Siemens Simatic Hmi Ktp Mobile Panels Firmware | ||
| Siemens Simatic Hmi Ktp Mobile Panels | ||
| All of | ||
| Siemens Simatic Mv500 Firmware | ||
| Siemens Simatic Mv500 | ||
| All of | ||
| Siemens Simatic Net Cp 1243-1 Firmware | >=3.1 | |
| Siemens Simatic Net Cp 1243-1 | ||
| All of | ||
| Siemens Simatic Net Cp1243-7 Lte Eu Firmware | >=3.1 | |
| Siemens Simatic Net Cp1243-7 Lte Eu | ||
| All of | ||
| Siemens Simatic Net Cp1243-7 Lte Us Firmware | >=3.1 | |
| Siemens Simatic Net Cp1243-7 Lte Us | ||
| All of | ||
| Siemens Simatic Net Cp 1243-8 Irc Firmware | >=3.1 | |
| Siemens Simatic Net Cp 1243-8 Irc | ||
| All of | ||
| Siemens Simatic Net Cp 1542sp-1 Irc Firmware | >=2.1 | |
| Siemens Simatic Net Cp 1542sp-1 Irc | ||
| All of | ||
| Siemens Simatic Net Cp 1543-1 Firmware | >=2.2<3.0 | |
| Siemens Simatic Net Cp 1543-1 | ||
| All of | ||
| Siemens Simatic Net Cp 1543sp-1 Firmware | >=2.1 | |
| Siemens Simatic Net Cp 1543sp-1 | ||
| All of | ||
| Siemens Simatic Net Cp 1545-1 Firmware | >=1.0 | |
| Siemens Simatic Net Cp 1545-1 | ||
| All of | ||
| Siemens Simatic Pcs 7 Telecontrol Firmware | ||
| Siemens Simatic Pcs 7 Telecontrol | ||
| All of | ||
| Siemens Simatic Pcs Neo Firmware | ||
| Siemens Simatic Pcs Neo | ||
| All of | ||
| Siemens Simatic Pdm Firmware | >=9.1.0.7 | |
| Siemens Simatic Pdm | ||
| All of | ||
| Siemens Simatic Process Historian Opc Ua Server Firmware | >=2019 | |
| Siemens Simatic Process Historian Opc Ua Server | ||
| All of | ||
| Siemens Simatic Rf166c Firmware | ||
| Siemens Simatic Rf166c | ||
| All of | ||
| Siemens Simatic Rf185c Firmware | ||
| Siemens Simatic Rf185c | ||
| All of | ||
| Siemens Simatic Rf186c Firmware | ||
| Siemens Simatic Rf186c | ||
| All of | ||
| Siemens Simatic Rf186ci Firmware | ||
| Siemens Simatic Rf186ci | ||
| All of | ||
| Siemens Simatic Rf188c Firmware | ||
| Siemens Simatic Rf188c | ||
| All of | ||
| Siemens Simatic Rf188ci Firmware | ||
| Siemens Simatic Rf188ci | ||
| All of | ||
| Siemens Simatic Rf360r Firmware | ||
| Siemens Simatic Rf360r | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1211c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1211c | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1212c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1212c | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1212fc Firmware | ||
| Siemens Simatic S7-1200 Cpu 1212fc | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1214 Fc Firmware | ||
| Siemens Simatic S7-1200 Cpu 1214 Fc | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1214c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1214c | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1215 Fc Firmware | ||
| Siemens Simatic S7-1200 Cpu 1215 Fc | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1215c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1215c | ||
| All of | ||
| Siemens Simatic S7-1200 Cpu 1217c Firmware | ||
| Siemens Simatic S7-1200 Cpu 1217c | ||
| All of | ||
| Siemens Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp Firmware | ||
| Siemens Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp | ||
| All of | ||
| Siemens Sinamics Connect 300 Firmware | ||
| Siemens Sinamics Connect 300 | ||
| All of | ||
| Siemens Tim 1531 Irc Firmware | >=2.0<2.2 | |
| Siemens Tim 1531 Irc | ||
| IBM Security Verify Bridge | <=All |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2021-3449
- https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
- https://rustsec.org/advisories/RUSTSEC-2021-0055
- https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
- https://security.gentoo.org/glsa/202103-03
- https://security.netapp.com/advisory/ntap-20210326-0006/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
- https://www.debian.org/security/2021/dsa-4875
- https://www.openssl.org/news/secadv/20210325.txt
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.tenable.com/security/tns-2021-05
- https://www.tenable.com/security/tns-2021-06
- https://www.tenable.com/security/tns-2021-09
- https://www.tenable.com/security/tns-2021-10
- http://www.openwall.com/lists/oss-security/2021/03/27/1
- http://www.openwall.com/lists/oss-security/2021/03/27/2
- http://www.openwall.com/lists/oss-security/2021/03/28/3
- http://www.openwall.com/lists/oss-security/2021/03/28/4
- https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://rustsec.org/advisories/RUSTSEC-2021-0055.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/advisories/GHSA-83mx-573x-5rw9 (Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
- https://security-tracker.debian.org/tracker/CVE-2021-3449
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/198752
- https://www.ibm.com/support/pages/node/6491653 (Advisory)
Frequently Asked Questions
What is CVE-2021-3449?
CVE-2021-3449 is a vulnerability in OpenSSL TLS servers that can cause a crash when a malicious renegotiation ClientHello message is sent.
How severe is CVE-2021-3449?
CVE-2021-3449 has a severity rating of medium with a CVSS score of 5.9.
Which software is affected by CVE-2021-3449?
OpenSSL versions up to and including 1.1.1n, 3.0.9, and 3.0.10 are affected by CVE-2021-3449.
How can I fix CVE-2021-3449?
Update your OpenSSL software to version 1.1.1o, 3.0.11, or later to mitigate the vulnerability.
Where can I find more information about CVE-2021-3449?
You can find more information about CVE-2021-3449 in the NVD and CERT-Portal advisories, as well as the OpenSSL Git repository.
- collector/github-advisory-latest
- alias/GHSA-83mx-573x-5rw9
- alias/CVE-2021-3449
- collector/github-advisory
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/title
- agent/first-publish-date
- agent/event
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- package-manager/rust
- package-manager/debian
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.1.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/12.2
- version/freebsd freebsd/12.2-p1
- version/freebsd freebsd/12.2-p2
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud volumes ontap mediator
- canonical/netapp e-series performance analyzer
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp ontap select deploy administration utility
- canonical/netapp santricity smi-s provider
- canonical/netapp snapcenter
- canonical/netapp storagegrid
- vendor/tenable
- canonical/tenable log correlation engine
- canonical/tenable nessus
- version/tenable nessus/8.13.1
- canonical/tenable nessus network monitor
- version/tenable nessus network monitor/5.11.0
- version/tenable nessus network monitor/5.11.1
- version/tenable nessus network monitor/5.12.0
- version/tenable nessus network monitor/5.12.1
- version/tenable nessus network monitor/5.13.0
- canonical/tenable tenable.sc
- version/tenable tenable.sc/5.13.0
- version/tenable tenable.sc/5.17.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- vendor/mcafee
- canonical/mcafee web gateway
- version/mcafee web gateway/8.2.19
- version/mcafee web gateway/9.2.10
- version/mcafee web gateway/10.1.1
- canonical/mcafee web gateway cloud service
- version/mcafee web gateway cloud service/8.2.19
- version/mcafee web gateway cloud service/9.2.10
- version/mcafee web gateway cloud service/10.1.1
- vendor/checkpoint
- canonical/checkpoint quantum security management firmware
- version/checkpoint quantum security management firmware/r80.40
- version/checkpoint quantum security management firmware/r81
- canonical/checkpoint quantum security management
- canonical/checkpoint multi-domain management firmware
- version/checkpoint multi-domain management firmware/r80.40
- version/checkpoint multi-domain management firmware/r81
- canonical/checkpoint multi-domain management
- canonical/checkpoint quantum security gateway firmware
- version/checkpoint quantum security gateway firmware/r80.40
- version/checkpoint quantum security gateway firmware/r81
- canonical/checkpoint quantum security gateway
- vendor/oracle
- canonical/oracle communications communications policy management
- version/oracle communications communications policy management/12.6.0.0.0
- canonical/oracle enterprise manager for storage management
- version/oracle enterprise manager for storage management/13.4.0.0
- canonical/oracle essbase
- version/oracle essbase/21.2
- canonical/oracle graalvm
- version/oracle graalvm/19.3.5
- version/oracle graalvm/20.3.1.2
- version/oracle graalvm/21.0.0.2
- canonical/oracle jd edwards enterpriseone tools
- canonical/oracle jd edwards world security
- version/oracle jd edwards world security/a9.4
- canonical/oracle mysql connectors
- version/oracle mysql connectors/8.0.23
- canonical/oracle mysql server
- version/oracle mysql server/5.7.33
- version/oracle mysql server/8.0.15
- version/oracle mysql server/8.0.23
- canonical/oracle mysql workbench
- version/oracle mysql workbench/8.0.23
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- version/oracle peoplesoft enterprise peopletools/8.59
- canonical/oracle primavera unifier
- version/oracle primavera unifier/17.7
- version/oracle primavera unifier/17.12
- version/oracle primavera unifier/19.12
- version/oracle primavera unifier/20.12
- version/oracle primavera unifier/21.12
- canonical/oracle secure backup
- canonical/oracle secure global desktop
- version/oracle secure global desktop/5.6
- canonical/oracle zfs storage appliance kit
- version/oracle zfs storage appliance kit/8.8
- vendor/sonicwall
- canonical/sonicwall sma100 firmware
- version/sonicwall sma100 firmware/10.2.0.0
- canonical/sonicwall sma100
- canonical/sonicwall capture client
- version/sonicwall capture client/3.5
- canonical/sonicwall sonicos
- version/sonicwall sonicos/7.0.1.0
- vendor/siemens
- canonical/siemens ruggedcom rcm1224 firmware
- version/siemens ruggedcom rcm1224 firmware/6.2
- canonical/siemens ruggedcom rcm1224
- canonical/siemens scalance lpe9403 firmware
- canonical/siemens scalance lpe9403
- canonical/siemens scalance m-800 firmware
- version/siemens scalance m-800 firmware/6.2
- canonical/siemens scalance m-800
- canonical/siemens scalance s602 firmware
- version/siemens scalance s602 firmware/4.1
- canonical/siemens scalance s602
- canonical/siemens scalance s612 firmware
- version/siemens scalance s612 firmware/4.1
- canonical/siemens scalance s612
- canonical/siemens scalance s615 firmware
- version/siemens scalance s615 firmware/6.2
- canonical/siemens scalance s615
- canonical/siemens scalance s623 firmware
- version/siemens scalance s623 firmware/4.1
- canonical/siemens scalance s623
- canonical/siemens scalance s627-2m firmware
- version/siemens scalance s627-2m firmware/4.1
- canonical/siemens scalance s627-2m
- canonical/siemens scalance sc-600 firmware
- version/siemens scalance sc-600 firmware/2.0
- canonical/siemens scalance sc-600
- canonical/siemens scalance w700 firmware
- version/siemens scalance w700 firmware/6.5
- canonical/siemens scalance w700
- canonical/siemens scalance w1700 firmware
- version/siemens scalance w1700 firmware/2.0
- canonical/siemens scalance w1700
- canonical/siemens scalance xb-200 firmware
- canonical/siemens scalance xb-200
- canonical/siemens scalance xc-200 firmware
- canonical/siemens scalance xc-200
- canonical/siemens scalance xf-200ba firmware
- canonical/siemens scalance xf-200ba
- canonical/siemens scalance xm-400 firmware
- canonical/siemens scalance xm-400
- canonical/siemens scalance xp-200 firmware
- canonical/siemens scalance xp-200
- canonical/siemens scalance xr-300wg firmware
- canonical/siemens scalance xr-300wg
- canonical/siemens scalance xr524-8c firmware
- canonical/siemens scalance xr524-8c
- canonical/siemens scalance xr526-8c firmware
- canonical/siemens scalance xr526-8c
- canonical/siemens scalance xr528-6m firmware
- canonical/siemens scalance xr528-6m
- canonical/siemens scalance xr552-12 firmware
- canonical/siemens scalance xr552-12
- canonical/siemens simatic cloud connect 7 firmware
- version/siemens simatic cloud connect 7 firmware/1.1
- canonical/siemens simatic cloud connect 7
- canonical/siemens simatic cp 1242-7 gprs v2 firmware
- version/siemens simatic cp 1242-7 gprs v2 firmware/3.1
- canonical/siemens simatic cp 1242-7 gprs v2
- canonical/siemens simatic hmi basic panels 2nd generation firmware
- canonical/siemens simatic hmi basic panels 2nd generation
- canonical/siemens simatic hmi comfort outdoor panels firmware
- canonical/siemens simatic hmi comfort outdoor panels
- canonical/siemens simatic hmi ktp mobile panels firmware
- canonical/siemens simatic hmi ktp mobile panels
- canonical/siemens simatic mv500 firmware
- canonical/siemens simatic mv500
- canonical/siemens simatic net cp 1243-1 firmware
- version/siemens simatic net cp 1243-1 firmware/3.1
- canonical/siemens simatic net cp 1243-1
- canonical/siemens simatic net cp1243-7 lte eu firmware
- version/siemens simatic net cp1243-7 lte eu firmware/3.1
- canonical/siemens simatic net cp1243-7 lte eu
- canonical/siemens simatic net cp1243-7 lte us firmware
- version/siemens simatic net cp1243-7 lte us firmware/3.1
- canonical/siemens simatic net cp1243-7 lte us
- canonical/siemens simatic net cp 1243-8 irc firmware
- version/siemens simatic net cp 1243-8 irc firmware/3.1
- canonical/siemens simatic net cp 1243-8 irc
- canonical/siemens simatic net cp 1542sp-1 irc firmware
- version/siemens simatic net cp 1542sp-1 irc firmware/2.1
- canonical/siemens simatic net cp 1542sp-1 irc
- canonical/siemens simatic net cp 1543-1 firmware
- version/siemens simatic net cp 1543-1 firmware/2.2
- canonical/siemens simatic net cp 1543-1
- canonical/siemens simatic net cp 1543sp-1 firmware
- version/siemens simatic net cp 1543sp-1 firmware/2.1
- canonical/siemens simatic net cp 1543sp-1
- canonical/siemens simatic net cp 1545-1 firmware
- version/siemens simatic net cp 1545-1 firmware/1.0
- canonical/siemens simatic net cp 1545-1
- canonical/siemens simatic pcs 7 telecontrol firmware
- canonical/siemens simatic pcs 7 telecontrol
- canonical/siemens simatic pcs neo firmware
- canonical/siemens simatic pcs neo
- canonical/siemens simatic pdm firmware
- version/siemens simatic pdm firmware/9.1.0.7
- canonical/siemens simatic pdm
- canonical/siemens simatic process historian opc ua server firmware
- version/siemens simatic process historian opc ua server firmware/2019
- canonical/siemens simatic process historian opc ua server
- canonical/siemens simatic rf166c firmware
- canonical/siemens simatic rf166c
- canonical/siemens simatic rf185c firmware
- canonical/siemens simatic rf185c
- canonical/siemens simatic rf186c firmware
- canonical/siemens simatic rf186c
- canonical/siemens simatic rf186ci firmware
- canonical/siemens simatic rf186ci
- canonical/siemens simatic rf188c firmware
- canonical/siemens simatic rf188c
- canonical/siemens simatic rf188ci firmware
- canonical/siemens simatic rf188ci
- canonical/siemens simatic rf360r firmware
- canonical/siemens simatic rf360r
- canonical/siemens simatic s7-1200 cpu 1211c firmware
- canonical/siemens simatic s7-1200 cpu 1211c
- canonical/siemens simatic s7-1200 cpu 1212c firmware
- canonical/siemens simatic s7-1200 cpu 1212c
- canonical/siemens simatic s7-1200 cpu 1212fc firmware
- canonical/siemens simatic s7-1200 cpu 1212fc
- canonical/siemens simatic s7-1200 cpu 1214 fc firmware
- canonical/siemens simatic s7-1200 cpu 1214 fc
- canonical/siemens simatic s7-1200 cpu 1214c firmware
- canonical/siemens simatic s7-1200 cpu 1214c
- canonical/siemens simatic s7-1200 cpu 1215 fc firmware
- canonical/siemens simatic s7-1200 cpu 1215 fc
- canonical/siemens simatic s7-1200 cpu 1215c firmware
- canonical/siemens simatic s7-1200 cpu 1215c
- canonical/siemens simatic s7-1200 cpu 1217c firmware
- canonical/siemens simatic s7-1200 cpu 1217c
- canonical/siemens simatic s7-1500 cpu 1518-4 pn\/dp mfp firmware
- canonical/siemens simatic s7-1500 cpu 1518-4 pn\/dp mfp
- canonical/siemens sinamics connect 300 firmware
- canonical/siemens sinamics connect 300
- canonical/siemens tim 1531 irc firmware
- version/siemens tim 1531 irc firmware/2.0
- canonical/siemens tim 1531 irc
- canonical/siemens simatic logon
- version/siemens simatic logon/1.6.0.2
- version/siemens simatic logon/1.5-sp3_update_1
- canonical/siemens simatic wincc runtime advanced
- canonical/siemens simatic wincc telecontrol
- canonical/siemens sinec nms
- version/siemens sinec nms/1.0
- version/siemens sinec nms/1.0-sp1
- canonical/siemens sinec pni
- canonical/siemens sinema server
- version/siemens sinema server/14.0
- version/siemens sinema server/14.0-sp1
- version/siemens sinema server/14.0-sp2
- version/siemens sinema server/14.0-sp2_update1
- version/siemens sinema server/14.0-sp2_update2
- canonical/siemens sinumerik opc ua server
- canonical/siemens tia administrator
- canonical/siemens sinec infrastructure network services
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/10.0.0
- version/nodejs node.js/10.12.0
- version/nodejs node.js/10.13.0
- version/nodejs node.js/10.24.0
- version/nodejs node.js/12.0.0
- version/nodejs node.js/12.12.0
- version/nodejs node.js/12.13.0
- version/nodejs node.js/14.0.0
- version/nodejs node.js/14.14.0
- version/nodejs node.js/14.15.0
- version/nodejs node.js/15.0.0
- vendor/ibm
- canonical/ibm security verify bridge
- version/ibm security verify bridge/all