Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:156077
Version
2
Class
patch
ALTXid
361585
Language
Russian
Severity
High
Title
Astra Linux SE 1.6 (Smolensk) 20210730SE16 - обновление пакета openssl
Description
Исправление уязвимостей: CVE-2019-1551, CVE-2020-1967, CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3450
Family
unix
Platform
Astra Linux SE 1.6
Product
openssl
Reference
CVE: CVE-2019-1551
CVE: CVE-2019-1551
Id:
CVE-2019-1551
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
Comment
: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE:
190 (Integer Overflow or Wraparound)
References:
https://www.openssl.org/news/secadv/20191206.txt (CONFIRM)
https://security.netapp.com/advisory/ntap-20191210-0001/ (CONFIRM)
20191225 [slackware-security] openssl (SSA:2019-354-01) (BUGTRAQ)
http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html (MISC)
DSA-4594 (DEBIAN)
20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update (BUGTRAQ)
https://www.tenable.com/security/tns-2019-09 (CONFIRM)
openSUSE-SU-2020:0062 (SUSE)
GLSA-202004-10 (GENTOO)
https://www.tenable.com/security/tns-2020-03 (CONFIRM)
USN-4376-1 (UBUNTU)
https://www.oracle.com/security-alerts/cpujul2020.html (MISC)
USN-4504-1 (UBUNTU)
https://www.tenable.com/security/tns-2020-11 (CONFIRM)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
DSA-4855 (DEBIAN)
https://www.tenable.com/security/tns-2021-10 (CONFIRM)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update (MLIST)
FEDORA-2020-fcc91a28e8 ()
FEDORA-2020-da2d1ef2d7 ()
FEDORA-2020-d7b29838f6 ()
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f ()
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98 ()
CVE: CVE-2020-1967
CVE: CVE-2020-1967
Id:
CVE-2020-1967
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
Comment
: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.openssl.org/news/secadv/20200421.txt (CONFIRM)
FreeBSD-SA-20:11 (FREEBSD)
DSA-4661 (DEBIAN)
[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain (MLIST)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 (CONFIRM)
GLSA-202004-10 (GENTOO)
https://security.netapp.com/advisory/ntap-20200424-0003/ (CONFIRM)
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL (CONFIRM)
https://www.tenable.com/security/tns-2020-03 (CONFIRM)
https://github.com/irsl/CVE-2020-1967 (MISC)
20200501 CVE-2020-1967: proving sigalg != NULL (FULLDISC)
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html (MISC)
https://www.synology.com/security/advisory/Synology_SA_20_05 (CONFIRM)
https://www.tenable.com/security/tns-2020-04 (CONFIRM)
openSUSE-SU-2020:0933 (SUSE)
openSUSE-SU-2020:0945 (SUSE)
https://www.oracle.com/security-alerts/cpujul2020.html (MISC)
https://security.netapp.com/advisory/ntap-20200717-0004/ (CONFIRM)
https://www.oracle.com/security-alerts/cpuoct2020.html (MISC)
https://www.tenable.com/security/tns-2020-11 (CONFIRM)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
https://www.tenable.com/security/tns-2021-10 (CONFIRM)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
N/A (N/A)
https://www.oracle.com/security-alerts/cpuoct2021.html (MISC)
[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24? ()
[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24? ()
[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24? ()
FEDORA-2020-fcc91a28e8 ()
FEDORA-2020-da2d1ef2d7 ()
FEDORA-2020-d7b29838f6 ()
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 ()
CVE: CVE-2020-1971
CVE: CVE-2020-1971
Id:
CVE-2020-1971
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
Comment
: The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.openssl.org/news/secadv/20201208.txt (CONFIRM)
DSA-4807 (DEBIAN)
FreeBSD-SA-20:33 (FREEBSD)
[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update (MLIST)
[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update (MLIST)
https://security.netapp.com/advisory/ntap-20201218-0005/ (CONFIRM)
https://www.tenable.com/security/tns-2020-11 (CONFIRM)
GLSA-202012-13 (GENTOO)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 (CONFIRM)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
https://www.tenable.com/security/tns-2021-09 (CONFIRM)
https://security.netapp.com/advisory/ntap-20210513-0002/ (CONFIRM)
https://www.tenable.com/security/tns-2021-10 (CONFIRM)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
N/A (N/A)
[oss-security] 20210914 Re: Oracle Solaris membership in the distros list (MLIST)
https://www.oracle.com/security-alerts/cpuoct2021.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
https://www.oracle.com/security-alerts/cpuapr2022.html (MISC)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920 ()
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e ()
FEDORA-2020-ef1870065a ()
[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported. ()
FEDORA-2020-a31b01e945 ()
[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40. ()
CVE: CVE-2021-23840
CVE: CVE-2021-23840
Id:
CVE-2021-23840
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
Comment
: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://www.openssl.org/news/secadv/20210216.txt (CONFIRM)
DSA-4855 (DEBIAN)
https://security.netapp.com/advisory/ntap-20210219-0009/ (CONFIRM)
https://www.tenable.com/security/tns-2021-03 (CONFIRM)
GLSA-202103-03 (GENTOO)
https://www.tenable.com/security/tns-2021-09 (CONFIRM)
https://www.tenable.com/security/tns-2021-10 (CONFIRM)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 (CONFIRM)
N/A (N/A)
https://www.oracle.com/security-alerts/cpuoct2021.html (MISC)
https://kc.mcafee.com/corporate/index?page=content&id=SB10366 (CONFIRM)
https://www.oracle.com/security-alerts/cpujan2022.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
https://www.oracle.com/security-alerts/cpuapr2022.html (MISC)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 ()
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 ()
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 ()
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 ()
CVE: CVE-2021-23841
CVE: CVE-2021-23841
Id:
CVE-2021-23841
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841
Comment
: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.openssl.org/news/secadv/20210216.txt (CONFIRM)
DSA-4855 (DEBIAN)
https://security.netapp.com/advisory/ntap-20210219-0009/ (CONFIRM)
https://www.tenable.com/security/tns-2021-03 (CONFIRM)
GLSA-202103-03 (GENTOO)
https://www.tenable.com/security/tns-2021-09 (CONFIRM)
https://security.netapp.com/advisory/ntap-20210513-0002/ (CONFIRM)
https://support.apple.com/kb/HT212529 (CONFIRM)
https://support.apple.com/kb/HT212528 (CONFIRM)
https://support.apple.com/kb/HT212534 (CONFIRM)
20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1 (FULLDISC)
20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 (FULLDISC)
20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 (FULLDISC)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 (CONFIRM)
N/A (N/A)
https://www.oracle.com/security-alerts/cpuoct2021.html (MISC)
https://www.oracle.com/security-alerts/cpuapr2022.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf (CONFIRM)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf ()
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 ()
CVE: CVE-2021-3449
CVE: CVE-2021-3449
Id:
CVE-2021-3449
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
Comment
: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.openssl.org/news/secadv/20210325.txt (CONFIRM)
20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021 (CISCO)
DSA-4875 (DEBIAN)
https://security.netapp.com/advisory/ntap-20210326-0006/ (CONFIRM)
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc (MISC)
[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
GLSA-202103-03 (GENTOO)
https://www.tenable.com/security/tns-2021-06 (CONFIRM)
https://www.tenable.com/security/tns-2021-05 (CONFIRM)
https://kc.mcafee.com/corporate/index?page=content&id=SB10356 (CONFIRM)
https://www.tenable.com/security/tns-2021-09 (CONFIRM)
https://security.netapp.com/advisory/ntap-20210513-0002/ (CONFIRM)
https://www.tenable.com/security/tns-2021-10 (CONFIRM)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf (CONFIRM)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 (CONFIRM)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 (CONFIRM)
N/A (N/A)
[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update (MLIST)
https://www.oracle.com/security-alerts/cpuoct2021.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
https://www.oracle.com/security-alerts/cpuapr2022.html (MISC)
N/A (N/A)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 ()
FEDORA-2021-cbf14ab8f9 ()
CVE: CVE-2021-3450
CVE: CVE-2021-3450
Id:
CVE-2021-3450
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
Comment
: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3 Score:
7.4
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE:
295 (Certificate Issues)
References:
https://www.openssl.org/news/secadv/20210325.txt (CONFIRM)
20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021 (CISCO)
https://security.netapp.com/advisory/ntap-20210326-0006/ (CONFIRM)
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc (MISC)
[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing (MLIST)
GLSA-202103-03 (GENTOO)
https://www.tenable.com/security/tns-2021-05 (CONFIRM)
https://www.tenable.com/security/tns-2021-08 (CONFIRM)
https://kc.mcafee.com/corporate/index?page=content&id=SB10356 (CONFIRM)
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html (MISC)
https://www.tenable.com/security/tns-2021-09 (CONFIRM)
https://www.oracle.com/security-alerts/cpuApr2021.html (MISC)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 (CONFIRM)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 (CONFIRM)
N/A (N/A)
https://www.oracle.com/security-alerts/cpuoct2021.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
https://www.oracle.com/security-alerts/cpuapr2022.html (MISC)
N/A (N/A)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b ()
FEDORA-2021-cbf14ab8f9 ()
VENDOR: 20210730SE16
VENDOR: 20210730SE16
Id:
20210730SE16
Reference:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=137567742
Content available only for registered users!
ovaldb@altx-soft.com