June 7, 2023

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification.

Tracked as CVE-2021-3449 and CVE-2021-3450, both vulnerabilities have been resolved in OpenSSL 1.1.1k. While CVE-2021-3449 affects all OpenSSL 1.1.1 versions, CVE-2021-3450 impacts OpenSSL versions 1.1.1h and newer.

OpenSSL is a software library consisting of cryptographic functions that implement the TLS protocol with the goal of securing communications sent over a computer network.

CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious “ClientHello” message during the handshake between the server and a user.

“If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension, but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack,” the OpenSSL security advisory explains.

CVE-2021-3450, on the other hand, relates to the X509_V_FLAG_X509_STRICT flag, which enables additional security checks on the certificates present in a certificate chain. While this flag is not set by default, an error in the implementation meant that OpenSSL failed to check that “non-CA certificates must not be able to issue other certificates,” resulting in a certificate verification bypass.

As a result, the flaw prevented apps from rejecting TLS certificates that aren’t digitally signed by a browser-trusted certificate authority (CA).

In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.
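To make the skipped check concrete, the following is an added, simplified model (not OpenSSL's own code) of the rule that strict verification is supposed to enforce: every certificate that issued another certificate in the chain must be a CA. Certificates are plain dicts and signatures are not verified; the sample chains are constructed.

```python
"""Simplified model of the chain rule CVE-2021-3450 concerns.

Added example, not OpenSSL's own code: certificates are plain dicts and no
signatures are verified. It shows the rule that a certificate acting as an
issuer inside a chain must assert cA=TRUE in basicConstraints (and, if it
carries keyUsage, keyCertSign), which affected builds failed to enforce
under X509_V_FLAG_X509_STRICT when no verification purpose was set.
"""

# Chain order follows OpenSSL: index 0 is the leaf, the last entry is the trust anchor.
# Each certificate dict carries: subject, issuer, ca (bool), key_usage (set or None).


def check_chain(chain: list) -> list:
    """Return a list of error strings; an empty list means the chain passes."""
    errors = []
    for i, cert in enumerate(chain):
        if i > 0 and chain[i - 1]["issuer"] != cert["subject"]:
            errors.append(f"cert {i}: subject does not match issuer of cert {i - 1}")
        if i == 0:
            continue  # the leaf issues nothing, so it need not be a CA
        # Every certificate above the leaf issued the one below it.
        if not cert.get("ca", False):
            errors.append(f"cert {i} ({cert['subject']}): non-CA certificate used as issuer")
        ku = cert.get("key_usage")
        if ku is not None and "keyCertSign" not in ku:
            errors.append(f"cert {i} ({cert['subject']}): keyUsage lacks keyCertSign")
    return errors


# Constructed sample certificates (not real X.509 data).
ROOT = {"subject": "Example Root CA", "issuer": "Example Root CA",
        "ca": True, "key_usage": {"keyCertSign", "cRLSign"}}
INTERMEDIATE = {"subject": "Example Issuing CA", "issuer": "Example Root CA",
                "ca": True, "key_usage": {"keyCertSign"}}
SERVER = {"subject": "www.example.com", "issuer": "Example Issuing CA",
          "ca": False, "key_usage": {"digitalSignature"}}
# An end-entity server certificate used as the issuer of another certificate.
ROGUE = {"subject": "rogue.example.com", "issuer": "www.example.com",
         "ca": False, "key_usage": {"digitalSignature"}}

GOOD_CHAIN = [SERVER, INTERMEDIATE, ROOT]
BAD_CHAIN = [ROGUE, SERVER, INTERMEDIATE, ROOT]

if __name__ == "__main__":
    print("good chain:", check_chain(GOOD_CHAIN) or "OK")
    print("bad chain:", check_chain(BAD_CHAIN))
```

The bad chain is rejected because the server certificate at index 1 has cA=FALSE and no keyCertSign; a verifier that skips this rule would accept it.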

Neither issue affects OpenSSL 1.0.2; it is also worth noting that this version has been out of support since January 1, 2020, and is no longer receiving updates. Applications that rely on a vulnerable version of OpenSSL are advised to apply the patches to mitigate the risk associated with the flaws.
