CVE-2021-3449: NULL pointer deref in signature_algorithms processing
First published: Thu Mar 25 2021(Updated: )
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rust/openssl-src | <111.15.0 | 111.15.0 |
| debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u1 3.0.11-1~deb12u2 3.0.11-1 3.0.12-1 | |
| IBM Security Verify Bridge | <=All | |
| OpenSSL | >=1.1.1<1.1.1k | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| FreeBSD Kernel | =12.2 | |
| FreeBSD Kernel | =12.2-p1 | |
| FreeBSD Kernel | =12.2-p2 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp ONTAP Mediator | ||
| NetApp E-Series Performance Analyzer | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| NetApp ONTAP Select Deploy | ||
| NetApp SANtricity SMI-S Provider Firmware | ||
| NetApp SnapCenter | ||
| NetApp StorageGRID Webscale | ||
| Tenable Log Correlation Engine | <6.0.9 | |
| Nessus | <=8.13.1 | |
| Tenable Nessus | =5.11.0 | |
| Tenable Nessus | =5.11.1 | |
| Tenable Nessus | =5.12.0 | |
| Tenable Nessus | =5.12.1 | |
| Tenable Nessus | =5.13.0 | |
| Tenable.sc | >=5.13.0<=5.17.0 | |
| Red Hat Fedora | =34 | |
| McAfee Web Gateway Cloud Service | =8.2.19 | |
| McAfee Web Gateway Cloud Service | =9.2.10 | |
| McAfee Web Gateway Cloud Service | =10.1.1 | |
| McAfee Web Gateway Cloud Service | =8.2.19 | |
| McAfee Web Gateway Cloud Service | =9.2.10 | |
| McAfee Web Gateway Cloud Service | =10.1.1 | |
| Check Point Quantum Security Management | =r80.40 | |
| Check Point Quantum Security Management | =r81 | |
| Check Point Quantum Security Management | ||
| Checkpoint Multi-Domain Management | =r80.40 | |
| Checkpoint Multi-Domain Management | =r81 | |
| Checkpoint Multi-domain Management | ||
| Checkpoint Quantum Security Gateway Firmware | =r80.40 | |
| Checkpoint Quantum Security Gateway Firmware | =r81 | |
| Check Point Quantum Security Gateway | ||
| Oracle Communications Policy Management | =12.6.0.0.0 | |
| Oracle Enterprise Manager for Storage Management | =13.4.0.0 | |
| Oracle Hyperion Essbase | =21.2 | |
| Oracle GraalVM Enterprise Edition | =19.3.5 | |
| Oracle GraalVM Enterprise Edition | =20.3.1.2 | |
| Oracle GraalVM Enterprise Edition | =21.0.0.2 | |
| Oracle JD Edwards EnterpriseOne Tools | <9.2.6.0 | |
| Oracle JD Edwards World Security | =a9.4 | |
| Oracle MySQL Connectors | <=8.0.23 | |
| MySQL | <=5.7.33 | |
| MySQL | >=8.0.15<=8.0.23 | |
| MySQL Workbench | <=8.0.23 | |
| Oracle PeopleTools | =8.57 | |
| Oracle PeopleTools | =8.58 | |
| Oracle PeopleTools | =8.59 | |
| Oracle Unifier | >=17.7<=17.12 | |
| Oracle Unifier | =19.12 | |
| Oracle Unifier | =20.12 | |
| Oracle Unifier | =21.12 | |
| Oracle Secure Backup | <18.1.0.1.0 | |
| Tarantella Secure Global Desktop | =5.6 | |
| Oracle Storage Cloud Software Appliance | =8.8 | |
| SonicWall SMA 100 firmware | >=10.2.0.0<10.2.1.0-17sv | |
| SonicWall SMA 100 | ||
| SonicWall Capture Client | =3.5 | |
| SonicWall SonicOS | =7.0.1.0 | |
| Siemens Ruggedcom Firmware | >=6.2 | |
| Siemens RUGGEDCOM RM1224 | ||
| Siemens Scalance LPE9403 Firmware | ||
| Siemens Scalance LPE9403 Firmware | ||
| Siemens SCALANCE M-800 | >=6.2 | |
| Siemens Scalance M-800 Firmware | ||
| Siemens Scalance S602 Firmware | >=4.1 | |
| Siemens Scalance S602 Firmware | ||
| Siemens Scalance S612 Firmware | >=4.1 | |
| Siemens Scalance S612 Firmware | ||
| Siemens Scalance S615 EEC Firmware | >=6.2 | |
| Siemens Scalance S615 Firmware | ||
| Siemens Scalance S623 Firmware | >=4.1 | |
| Siemens Scalance S623 Firmware | ||
| Siemens Scalance S Firmware | >=4.1 | |
| Siemens Scalance S627-2M Firmware | ||
| Siemens Scalance S602 Firmware | >=2.0 | |
| Siemens SCALANCE SC-600 family | ||
| Siemens Scalance W700 Series Firmware | >=6.5 | |
| Siemens Scalance W700 Firmware | ||
| Siemens Scalance W1700 Firmware | >=2.0 | |
| Siemens Scalance W1700 Firmware | ||
| Siemens Scalance XB-200 Firmware | <4.3 | |
| Siemens SCALANCE XB-200 | ||
| Siemens Scalance XC-200 Firmware | <4.3 | |
| Siemens SCALANCE XC-200 | ||
| Siemens Scalance XF-200BA Firmware | <4.3 | |
| Siemens SCALANCE XF-200BA | ||
| Siemens Scalance XM-400 Firmware | <6.4 | |
| Siemens Scalance XM-400 Firmware | ||
| Siemens Scalance XP-200 Firmware | <4.3 | |
| Siemens SCALANCE XP-200 | ||
| Siemens SCALANCE XR300-WG firmware | <4.3 | |
| Siemens SCALANCE X-300WG | ||
| Siemens Scalance XR524-8C | <6.4 | |
| Siemens Scalance XR524 | ||
| Siemens Scalance XR526-8C L3 Firmware | <6.4 | |
| Siemens Scalance XR526-8C Firmware | ||
| Siemens Scalance XR528-6M L3 | <6.4 | |
| Siemens Scalance XR528-6M 2HR2 Firmware | ||
| Siemens Scalance XR552 Firmware | <6.4 | |
| Siemens Scalance XR552 Firmware | ||
| Siemens Simatic Cloud Connect 7 | >=1.1 | |
| Siemens Simatic Cloud Connect 7 | ||
| Siemens Simatic Cloud Connect 7 CC712 | ||
| Siemens Simatic CP 1242-7 GPRS Firmware | >=3.1 | |
| Siemens Simatic CP 1242-7 GPRS Firmware | ||
| Siemens Simatic CP 1242-7 GPRS Firmware | ||
| Siemens SIMATIC HMI Basic Panels 2nd Generation Firmware | ||
| Siemens SIMATIC HMI Basic Panels | ||
| siemens SIMATIC HMI Comfort Outdoor Panels 15" firmware | ||
| Siemens SIMATIC HMI Comfort Outdoor Panels | ||
| Siemens SIMATIC HMI KTP Mobile Panels Firmware | ||
| Siemens SIMATIC HMI Mobile Panels firmware | ||
| Siemens Simatic MV500 | ||
| Siemens Simatic MV500 Firmware | ||
| Siemens SIMATIC CP 1243-1 Firmware | >=3.1 | |
| Siemens SIMATIC CP 1243-1 | ||
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | >=3.1 | |
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | ||
| Siemens Simatic Net CP 1243-7 LTE US Firmware | >=3.1 | |
| Siemens SIMATIC CP 1243-7 LTE/US Firmware | ||
| Siemens SIMATIC CP 1243-8 IRC Firmware | >=3.1 | |
| Siemens Simatic Net CP 1243-8 IRC Firmware | ||
| Siemens SIMATIC CP 1542SP-1 IRC Firmware | >=2.1 | |
| Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) | ||
| Siemens Simatic CP 1543-1 Firmware | >=2.2<3.0 | |
| Siemens Simatic CP 1543-1 | ||
| Siemens Simatic CP 1543SP-1 Firmware | >=2.1 | |
| Siemens Simatic CP 1543SP-1 | ||
| Siemens Simatic Net CP 1545-1 | >=1.0 | |
| Siemens Simatic Net CP 1545-1 | ||
| Siemens SIMATIC PCS 7 Telecontrol | ||
| Siemens SIMATIC PCS 7 | ||
| Siemens PCS neo | ||
| Siemens Simatic PCS neo Firmware | ||
| Siemens Simatic PDM | >=9.1.0.7 | |
| Siemens Simatic PDM Firmware | ||
| Siemens SIMATIC Process Historian OPC UA Server | >=2019 | |
| Siemens Simatic Process Historian OPC UA Server Firmware | ||
| Siemens Simatic RF166C | ||
| Siemens Simatic RF166C Firmware | ||
| Siemens Simatic RF185C Firmware | ||
| Siemens Simatic RF185C Firmware | ||
| Siemens Simatic RF186C | ||
| Siemens Simatic RF186C Firmware | ||
| Siemens Simatic RF186C | ||
| Siemens Simatic RF186Ci Firmware | ||
| Siemens SIMATIC RF188C Firmware | ||
| Siemens Simatic RF188C | ||
| Siemens Simatic RF188CI Firmware | ||
| Siemens Simatic RF188CI Firmware | ||
| Siemens Simatic RF360R Firmware | ||
| Siemens Simatic RF360R Firmware | ||
| Siemens S7-1200 CPU 1211C Firmware | ||
| Siemens Simatic S7-1200 CPU 1211C Firmware | ||
| Siemens S7-1200 CPU 1212C Firmware | ||
| Siemens SIMATIC S7-1200 CPU 1212C Firmware | ||
| Siemens S7-1200 CPU 1212FC Firmware | ||
| Siemens S7-1200 CPU 1212FC | ||
| Siemens SIMATIC S7-1200 CPU 1214C Firmware | ||
| Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly | ||
| Siemens S7-1200 CPU 1214C Firmware | ||
| Siemens SIMATIC S7-1200 CPU | ||
| Siemens Simatic S7-1200 CPU Firmware | ||
| Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC | ||
| Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC | ||
| Siemens CPU 1215C | ||
| Siemens S7-1200 CPU 1217C Firmware | ||
| Siemens S7-1200 CPU 1217C | ||
| Siemens Simatic S7-1500 CPU 1518-4 PN/DP MFP | ||
| Siemens Simatic S7-1500 CPU 1518-4 PN/DP MFP | ||
| Siemens Sinamics Connect 300 Firmware | ||
| Siemens Sinamics Connect 300 Firmware | ||
| Siemens Simatic TIM 1531 IRC Firmware | >=2.0<2.2 | |
| Siemens TIM 1531 IRC Firmware | ||
| Siemens SIMATIC Logon | >=1.6.0.2 | |
| Siemens SIMATIC Logon | =1.5-sp3_update_1 | |
| Siemens SIMATIC WinCC Runtime Advanced | ||
| Siemens Simatic WinCC Telecontrol | ||
| Siemens SINEC NMS SP1 Update 1 | =1.0 | |
| Siemens SINEC NMS SP1 Update 1 | =1.0-sp1 | |
| Siemens SINEC PNI | ||
| Siemens SINEMA Server SP3 | =14.0 | |
| Siemens SINEMA Server SP3 | =14.0-sp1 | |
| Siemens SINEMA Server SP3 | =14.0-sp2 | |
| Siemens SINEMA Server SP3 | =14.0-sp2_update1 | |
| Siemens SINEMA Server SP3 | =14.0-sp2_update2 | |
| Siemens Sinumerik OPC UA Server | ||
| Siemens TIA Administrator | ||
| Siemens SINEC Infrastructure Network Services | <1.0.1.1 | |
| Node.js | >=10.0.0<=10.12.0 | |
| Node.js | >=10.13.0<=10.24.0 | |
| Node.js | >=12.0.0<=12.12.0 | |
| Node.js | >=12.13.0<12.22.1 | |
| Node.js | >=14.0.0<=14.14.0 | |
| Node.js | >=14.15.0<14.16.1 | |
| Node.js | >=15.0.0<15.14.0 | |
| All of | ||
| Any of | ||
| Check Point Quantum Security Management | =r80.40 | |
| Check Point Quantum Security Management | =r81 | |
| Check Point Quantum Security Management | ||
| All of | ||
| Any of | ||
| Checkpoint Multi-Domain Management | =r80.40 | |
| Checkpoint Multi-Domain Management | =r81 | |
| Checkpoint Multi-domain Management | ||
| All of | ||
| Any of | ||
| Checkpoint Quantum Security Gateway Firmware | =r80.40 | |
| Checkpoint Quantum Security Gateway Firmware | =r81 | |
| Check Point Quantum Security Gateway | ||
| All of | ||
| SonicWall SMA 100 firmware | >=10.2.0.0<10.2.1.0-17sv | |
| SonicWall SMA 100 | ||
| All of | ||
| Siemens Ruggedcom Firmware | >=6.2 | |
| Siemens RUGGEDCOM RM1224 | ||
| All of | ||
| Siemens Scalance LPE9403 Firmware | ||
| Siemens Scalance LPE9403 Firmware | ||
| All of | ||
| Siemens SCALANCE M-800 | >=6.2 | |
| Siemens Scalance M-800 Firmware | ||
| All of | ||
| Siemens Scalance S602 Firmware | >=4.1 | |
| Siemens Scalance S602 Firmware | ||
| All of | ||
| Siemens Scalance S612 Firmware | >=4.1 | |
| Siemens Scalance S612 Firmware | ||
| All of | ||
| Siemens Scalance S615 EEC Firmware | >=6.2 | |
| Siemens Scalance S615 Firmware | ||
| All of | ||
| Siemens Scalance S623 Firmware | >=4.1 | |
| Siemens Scalance S623 Firmware | ||
| All of | ||
| Siemens Scalance S Firmware | >=4.1 | |
| Siemens Scalance S627-2M Firmware | ||
| All of | ||
| Siemens Scalance S602 Firmware | >=2.0 | |
| Siemens SCALANCE SC-600 family | ||
| All of | ||
| Siemens Scalance W700 Series Firmware | >=6.5 | |
| Siemens Scalance W700 Firmware | ||
| All of | ||
| Siemens Scalance W1700 Firmware | >=2.0 | |
| Siemens Scalance W1700 Firmware | ||
| All of | ||
| Siemens Scalance XB-200 Firmware | <4.3 | |
| Siemens SCALANCE XB-200 | ||
| All of | ||
| Siemens SCALANCE XC-200 | ||
| Siemens Scalance XC-200 Firmware | <4.3 | |
| All of | ||
| Siemens SCALANCE XF-200BA | ||
| Siemens Scalance XF-200BA Firmware | <4.3 | |
| All of | ||
| Siemens Scalance XM-400 Firmware | ||
| Siemens Scalance XM-400 Firmware | <6.4 | |
| All of | ||
| Siemens SCALANCE XP-200 | ||
| Siemens Scalance XP-200 Firmware | <4.3 | |
| All of | ||
| Siemens SCALANCE X-300WG | ||
| Siemens SCALANCE XR300-WG firmware | <4.3 | |
| All of | ||
| Siemens Scalance XR524 | ||
| Siemens Scalance XR524-8C | <6.4 | |
| All of | ||
| Siemens Scalance XR526-8C Firmware | ||
| Siemens Scalance XR526-8C L3 Firmware | <6.4 | |
| All of | ||
| Siemens Scalance XR528-6M 2HR2 Firmware | ||
| Siemens Scalance XR528-6M L3 | <6.4 | |
| All of | ||
| Siemens Scalance XR552 Firmware | <6.4 | |
| Siemens Scalance XR552 Firmware | ||
| All of | ||
| Any of | ||
| Siemens Simatic Cloud Connect 7 | >=1.1 | |
| Siemens Simatic Cloud Connect 7 | ||
| Siemens Simatic Cloud Connect 7 CC712 | ||
| All of | ||
| Any of | ||
| Siemens Simatic CP 1242-7 GPRS Firmware | >=3.1 | |
| Siemens Simatic CP 1242-7 GPRS Firmware | ||
| Siemens Simatic CP 1242-7 GPRS Firmware | ||
| All of | ||
| Siemens SIMATIC HMI Basic Panels 2nd Generation Firmware | ||
| Siemens SIMATIC HMI Basic Panels | ||
| All of | ||
| siemens SIMATIC HMI Comfort Outdoor Panels 15" firmware | ||
| Siemens SIMATIC HMI Comfort Outdoor Panels | ||
| All of | ||
| Siemens SIMATIC HMI KTP Mobile Panels Firmware | ||
| Siemens SIMATIC HMI Mobile Panels firmware | ||
| All of | ||
| Siemens Simatic MV500 | ||
| Siemens Simatic MV500 Firmware | ||
| All of | ||
| Siemens SIMATIC CP 1243-1 Firmware | >=3.1 | |
| Siemens SIMATIC CP 1243-1 | ||
| All of | ||
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | >=3.1 | |
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | ||
| All of | ||
| Siemens Simatic Net CP 1243-7 LTE US Firmware | >=3.1 | |
| Siemens SIMATIC CP 1243-7 LTE/US Firmware | ||
| All of | ||
| Siemens SIMATIC CP 1243-8 IRC Firmware | >=3.1 | |
| Siemens Simatic Net CP 1243-8 IRC Firmware | ||
| All of | ||
| Siemens SIMATIC CP 1542SP-1 IRC Firmware | >=2.1 | |
| Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) | ||
| All of | ||
| Siemens Simatic CP 1543-1 Firmware | >=2.2<3.0 | |
| Siemens Simatic CP 1543-1 | ||
| All of | ||
| Siemens Simatic CP 1543SP-1 Firmware | >=2.1 | |
| Siemens Simatic CP 1543SP-1 | ||
| All of | ||
| Siemens Simatic Net CP 1545-1 | >=1.0 | |
| Siemens Simatic Net CP 1545-1 | ||
| All of | ||
| Siemens SIMATIC PCS 7 Telecontrol | ||
| Siemens SIMATIC PCS 7 | ||
| All of | ||
| Siemens PCS neo | ||
| Siemens Simatic PCS neo Firmware | ||
| All of | ||
| Siemens Simatic PDM | >=9.1.0.7 | |
| Siemens Simatic PDM Firmware | ||
| All of | ||
| Siemens SIMATIC Process Historian OPC UA Server | >=2019 | |
| Siemens Simatic Process Historian OPC UA Server Firmware | ||
| All of | ||
| Siemens Simatic RF166C | ||
| Siemens Simatic RF166C Firmware | ||
| All of | ||
| Siemens Simatic RF185C Firmware | ||
| Siemens Simatic RF185C Firmware | ||
| All of | ||
| Siemens Simatic RF186C | ||
| Siemens Simatic RF186C Firmware | ||
| All of | ||
| Siemens Simatic RF186C | ||
| Siemens Simatic RF186Ci Firmware | ||
| All of | ||
| Siemens SIMATIC RF188C Firmware | ||
| Siemens Simatic RF188C | ||
| All of | ||
| Siemens Simatic RF188CI Firmware | ||
| Siemens Simatic RF188CI Firmware | ||
| All of | ||
| Siemens Simatic RF360R Firmware | ||
| Siemens Simatic RF360R Firmware | ||
| All of | ||
| Siemens S7-1200 CPU 1211C Firmware | ||
| Siemens Simatic S7-1200 CPU 1211C Firmware | ||
| All of | ||
| Siemens S7-1200 CPU 1212C Firmware | ||
| Siemens SIMATIC S7-1200 CPU 1212C Firmware | ||
| All of | ||
| Siemens S7-1200 CPU 1212FC Firmware | ||
| Siemens S7-1200 CPU 1212FC | ||
| All of | ||
| Siemens SIMATIC S7-1200 CPU 1214C Firmware | ||
| Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly | ||
| All of | ||
| Siemens S7-1200 CPU 1214C Firmware | ||
| Siemens SIMATIC S7-1200 CPU | ||
| All of | ||
| Siemens Simatic S7-1200 CPU Firmware | ||
| Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC | ||
| All of | ||
| Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC | ||
| Siemens CPU 1215C | ||
| All of | ||
| Siemens S7-1200 CPU 1217C Firmware | ||
| Siemens S7-1200 CPU 1217C | ||
| All of | ||
| Siemens Simatic S7-1500 CPU 1518-4 PN/DP MFP | ||
| Siemens Simatic S7-1500 CPU 1518-4 PN/DP MFP | ||
| All of | ||
| Siemens Sinamics Connect 300 Firmware | ||
| Siemens Sinamics Connect 300 Firmware | ||
| All of | ||
| Siemens Simatic TIM 1531 IRC Firmware | >=2.0<2.2 | |
| Siemens TIM 1531 IRC Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2021-3449
- https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
- https://kc.mcafee.com/corporate/index?page=content&id=SB10356
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
- https://rustsec.org/advisories/RUSTSEC-2021-0055
- https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
- https://security.gentoo.org/glsa/202103-03
- https://security.netapp.com/advisory/ntap-20210326-0006/
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
- https://www.debian.org/security/2021/dsa-4875
- https://www.openssl.org/news/secadv/20210325.txt
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.tenable.com/security/tns-2021-05
- https://www.tenable.com/security/tns-2021-06
- https://www.tenable.com/security/tns-2021-09
- https://www.tenable.com/security/tns-2021-10
- http://www.openwall.com/lists/oss-security/2021/03/27/1
- http://www.openwall.com/lists/oss-security/2021/03/27/2
- http://www.openwall.com/lists/oss-security/2021/03/28/3
- http://www.openwall.com/lists/oss-security/2021/03/28/4
- https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://rustsec.org/advisories/RUSTSEC-2021-0055.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/advisories/GHSA-83mx-573x-5rw9 (Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
- https://security-tracker.debian.org/tracker/CVE-2021-3449
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/198752
- https://www.ibm.com/support/pages/node/6491653 (Advisory)
Frequently Asked Questions
What is CVE-2021-3449?
CVE-2021-3449 is a vulnerability in OpenSSL TLS servers that can cause a crash when a malicious renegotiation ClientHello message is sent.
How severe is CVE-2021-3449?
CVE-2021-3449 has a severity rating of medium with a CVSS score of 5.9.
Which software is affected by CVE-2021-3449?
OpenSSL versions up to and including 1.1.1n, 3.0.9, and 3.0.10 are affected by CVE-2021-3449.
How can I fix CVE-2021-3449?
Update your OpenSSL software to version 1.1.1o, 3.0.11, or later to mitigate the vulnerability.
Where can I find more information about CVE-2021-3449?
You can find more information about CVE-2021-3449 in the NVD and CERT-Portal advisories, as well as the OpenSSL Git repository.
- collector/github-advisory-latest
- alias/GHSA-83mx-573x-5rw9
- alias/CVE-2021-3449
- collector/github-advisory
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/title
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- collector/nvd-api
- source/NVD
- collector/nvd-index
- package-manager/rust
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify bridge
- version/ibm security verify bridge/all
- vendor/openssl
- canonical/openssl
- version/openssl/1.1.1
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/12.2
- version/freebsd kernel/12.2-p1
- version/freebsd kernel/12.2-p2
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp ontap mediator
- canonical/netapp e-series performance analyzer
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp ontap select deploy
- canonical/netapp santricity smi-s provider firmware
- canonical/netapp snapcenter
- canonical/netapp storagegrid webscale
- vendor/tenable
- canonical/tenable log correlation engine
- canonical/nessus
- version/nessus/8.13.1
- canonical/tenable nessus
- version/tenable nessus/5.11.0
- version/tenable nessus/5.11.1
- version/tenable nessus/5.12.0
- version/tenable nessus/5.12.1
- version/tenable nessus/5.13.0
- canonical/tenable.sc
- version/tenable.sc/5.13.0
- version/tenable.sc/5.17.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/34
- vendor/mcafee
- canonical/mcafee web gateway cloud service
- version/mcafee web gateway cloud service/8.2.19
- version/mcafee web gateway cloud service/9.2.10
- version/mcafee web gateway cloud service/10.1.1
- vendor/checkpoint
- canonical/check point quantum security management
- version/check point quantum security management/r80.40
- version/check point quantum security management/r81
- canonical/checkpoint multi-domain management
- version/checkpoint multi-domain management/r80.40
- version/checkpoint multi-domain management/r81
- canonical/checkpoint quantum security gateway firmware
- version/checkpoint quantum security gateway firmware/r80.40
- version/checkpoint quantum security gateway firmware/r81
- canonical/check point quantum security gateway
- vendor/oracle
- canonical/oracle communications policy management
- version/oracle communications policy management/12.6.0.0.0
- canonical/oracle enterprise manager for storage management
- version/oracle enterprise manager for storage management/13.4.0.0
- canonical/oracle hyperion essbase
- version/oracle hyperion essbase/21.2
- canonical/oracle graalvm enterprise edition
- version/oracle graalvm enterprise edition/19.3.5
- version/oracle graalvm enterprise edition/20.3.1.2
- version/oracle graalvm enterprise edition/21.0.0.2
- canonical/oracle jd edwards enterpriseone tools
- canonical/oracle jd edwards world security
- version/oracle jd edwards world security/a9.4
- canonical/oracle mysql connectors
- version/oracle mysql connectors/8.0.23
- canonical/mysql
- version/mysql/5.7.33
- version/mysql/8.0.15
- version/mysql/8.0.23
- canonical/mysql workbench
- version/mysql workbench/8.0.23
- canonical/oracle peopletools
- version/oracle peopletools/8.57
- version/oracle peopletools/8.58
- version/oracle peopletools/8.59
- canonical/oracle unifier
- version/oracle unifier/17.7
- version/oracle unifier/17.12
- version/oracle unifier/19.12
- version/oracle unifier/20.12
- version/oracle unifier/21.12
- canonical/oracle secure backup
- canonical/tarantella secure global desktop
- version/tarantella secure global desktop/5.6
- canonical/oracle storage cloud software appliance
- version/oracle storage cloud software appliance/8.8
- vendor/sonicwall
- canonical/sonicwall sma 100 firmware
- version/sonicwall sma 100 firmware/10.2.0.0
- canonical/sonicwall sma 100
- canonical/sonicwall capture client
- version/sonicwall capture client/3.5
- canonical/sonicwall sonicos
- version/sonicwall sonicos/7.0.1.0
- vendor/siemens
- canonical/siemens ruggedcom firmware
- version/siemens ruggedcom firmware/6.2
- canonical/siemens ruggedcom rm1224
- canonical/siemens scalance lpe9403 firmware
- canonical/siemens scalance m-800
- version/siemens scalance m-800/6.2
- canonical/siemens scalance m-800 firmware
- canonical/siemens scalance s602 firmware
- version/siemens scalance s602 firmware/4.1
- canonical/siemens scalance s612 firmware
- version/siemens scalance s612 firmware/4.1
- canonical/siemens scalance s615 eec firmware
- version/siemens scalance s615 eec firmware/6.2
- canonical/siemens scalance s615 firmware
- canonical/siemens scalance s623 firmware
- version/siemens scalance s623 firmware/4.1
- canonical/siemens scalance s firmware
- version/siemens scalance s firmware/4.1
- canonical/siemens scalance s627-2m firmware
- version/siemens scalance s602 firmware/2.0
- canonical/siemens scalance sc-600 family
- canonical/siemens scalance w700 series firmware
- version/siemens scalance w700 series firmware/6.5
- canonical/siemens scalance w700 firmware
- canonical/siemens scalance w1700 firmware
- version/siemens scalance w1700 firmware/2.0
- canonical/siemens scalance xb-200 firmware
- canonical/siemens scalance xb-200
- canonical/siemens scalance xc-200 firmware
- canonical/siemens scalance xc-200
- canonical/siemens scalance xf-200ba firmware
- canonical/siemens scalance xf-200ba
- canonical/siemens scalance xm-400 firmware
- canonical/siemens scalance xp-200 firmware
- canonical/siemens scalance xp-200
- canonical/siemens scalance xr300-wg firmware
- canonical/siemens scalance x-300wg
- canonical/siemens scalance xr524-8c
- canonical/siemens scalance xr524
- canonical/siemens scalance xr526-8c l3 firmware
- canonical/siemens scalance xr526-8c firmware
- canonical/siemens scalance xr528-6m l3
- canonical/siemens scalance xr528-6m 2hr2 firmware
- canonical/siemens scalance xr552 firmware
- canonical/siemens simatic cloud connect 7
- version/siemens simatic cloud connect 7/1.1
- canonical/siemens simatic cloud connect 7 cc712
- canonical/siemens simatic cp 1242-7 gprs firmware
- version/siemens simatic cp 1242-7 gprs firmware/3.1
- canonical/siemens simatic hmi basic panels 2nd generation firmware
- canonical/siemens simatic hmi basic panels
- canonical/siemens simatic hmi comfort outdoor panels 15" firmware
- canonical/siemens simatic hmi comfort outdoor panels
- canonical/siemens simatic hmi ktp mobile panels firmware
- canonical/siemens simatic hmi mobile panels firmware
- canonical/siemens simatic mv500
- canonical/siemens simatic mv500 firmware
- canonical/siemens simatic cp 1243-1 firmware
- version/siemens simatic cp 1243-1 firmware/3.1
- canonical/siemens simatic cp 1243-1
- canonical/siemens simatic net cp 1243-7 lte eu firmware
- version/siemens simatic net cp 1243-7 lte eu firmware/3.1
- canonical/siemens simatic net cp 1243-7 lte us firmware
- version/siemens simatic net cp 1243-7 lte us firmware/3.1
- canonical/siemens simatic cp 1243-7 lte/us firmware
- canonical/siemens simatic cp 1243-8 irc firmware
- version/siemens simatic cp 1243-8 irc firmware/3.1
- canonical/siemens simatic net cp 1243-8 irc firmware
- canonical/siemens simatic cp 1542sp-1 irc firmware
- version/siemens simatic cp 1542sp-1 irc firmware/2.1
- canonical/siemens simatic net cp 1542sp-1 irc (incl. siplus variants)
- canonical/siemens simatic cp 1543-1 firmware
- version/siemens simatic cp 1543-1 firmware/2.2
- canonical/siemens simatic cp 1543-1
- canonical/siemens simatic cp 1543sp-1 firmware
- version/siemens simatic cp 1543sp-1 firmware/2.1
- canonical/siemens simatic cp 1543sp-1
- canonical/siemens simatic net cp 1545-1
- version/siemens simatic net cp 1545-1/1.0
- canonical/siemens simatic pcs 7 telecontrol
- canonical/siemens simatic pcs 7
- canonical/siemens pcs neo
- canonical/siemens simatic pcs neo firmware
- canonical/siemens simatic pdm
- version/siemens simatic pdm/9.1.0.7
- canonical/siemens simatic pdm firmware
- canonical/siemens simatic process historian opc ua server
- version/siemens simatic process historian opc ua server/2019
- canonical/siemens simatic process historian opc ua server firmware
- canonical/siemens simatic rf166c
- canonical/siemens simatic rf166c firmware
- canonical/siemens simatic rf185c firmware
- canonical/siemens simatic rf186c
- canonical/siemens simatic rf186c firmware
- canonical/siemens simatic rf186ci firmware
- canonical/siemens simatic rf188c firmware
- canonical/siemens simatic rf188c
- canonical/siemens simatic rf188ci firmware
- canonical/siemens simatic rf360r firmware
- canonical/siemens s7-1200 cpu 1211c firmware
- canonical/siemens simatic s7-1200 cpu 1211c firmware
- canonical/siemens s7-1200 cpu 1212c firmware
- canonical/siemens simatic s7-1200 cpu 1212c firmware
- canonical/siemens s7-1200 cpu 1212fc firmware
- canonical/siemens s7-1200 cpu 1212fc
- canonical/siemens simatic s7-1200 cpu 1214c firmware
- canonical/siemens simatic s7-1200 cpu 1214fc dc/dc/rly
- canonical/siemens s7-1200 cpu 1214c firmware
- canonical/siemens simatic s7-1200 cpu
- canonical/siemens simatic s7-1200 cpu firmware
- canonical/siemens simatic s7-1200 cpu 1215fc dc/dc/dc
- canonical/siemens simatic s7-1200 cpu 1215c dc/dc/dc
- canonical/siemens cpu 1215c
- canonical/siemens s7-1200 cpu 1217c firmware
- canonical/siemens s7-1200 cpu 1217c
- canonical/siemens simatic s7-1500 cpu 1518-4 pn/dp mfp
- canonical/siemens sinamics connect 300 firmware
- canonical/siemens simatic tim 1531 irc firmware
- version/siemens simatic tim 1531 irc firmware/2.0
- canonical/siemens tim 1531 irc firmware
- canonical/siemens simatic logon
- version/siemens simatic logon/1.6.0.2
- version/siemens simatic logon/1.5-sp3_update_1
- canonical/siemens simatic wincc runtime advanced
- canonical/siemens simatic wincc telecontrol
- canonical/siemens sinec nms sp1 update 1
- version/siemens sinec nms sp1 update 1/1.0
- version/siemens sinec nms sp1 update 1/1.0-sp1
- canonical/siemens sinec pni
- canonical/siemens sinema server sp3
- version/siemens sinema server sp3/14.0
- version/siemens sinema server sp3/14.0-sp1
- version/siemens sinema server sp3/14.0-sp2
- version/siemens sinema server sp3/14.0-sp2_update1
- version/siemens sinema server sp3/14.0-sp2_update2
- canonical/siemens sinumerik opc ua server
- canonical/siemens tia administrator
- canonical/siemens sinec infrastructure network services
- vendor/nodejs
- canonical/node.js
- version/node.js/10.0.0
- version/node.js/10.12.0
- version/node.js/10.13.0
- version/node.js/10.24.0
- version/node.js/12.0.0
- version/node.js/12.12.0
- version/node.js/12.13.0
- version/node.js/14.0.0
- version/node.js/14.14.0
- version/node.js/14.15.0
- version/node.js/15.0.0