CVE-2021-4044 (GCVE-0-2021-4044)
Vulnerability from cvelistv5 – Published: 2021-12-14 18:40 – Updated: 2024-09-17 03:17 – Invalid error handling
| URL | Tags |
|---|---|
| https://www.openssl.org/news/secadv/20211214.txt | x_refsource_CONFIRM |
| https://git.openssl.org/gitweb/?p=openssl.git%3Ba… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2021122… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tobias Nie\u00dfen"
}
],
"datePublic": "2021-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Invalid error handling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-29T20:06:26.000Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
}
],
"title": "Invalid handling of X509_verify_cert() internal errors in libssl",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2021-12-14",
"ID": "CVE-2021-4044",
"STATE": "PUBLIC",
"TITLE": "Invalid handling of X509_verify_cert() internal errors in libssl"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tobias Nie\u00dfen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid error handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssl.org/news/secadv/20211214.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211229-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2021-4044",
"datePublished": "2021-12-14T18:40:11.901Z",
"dateReserved": "2021-12-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:17:39.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-4044",
"date": "2026-06-04",
"epss": "0.3328",
"percentile": "0.97005"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-4044\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2021-12-14T19:15:07.807\",\"lastModified\":\"2024-11-21T06:36:47.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).\"},{\"lang\":\"es\",\"value\":\"Internamente libssl en OpenSSL llama a X509_verify_cert() en el lado del cliente para verificar un certificado suministrado por un servidor. 
Esta funci\u00f3n puede devolver un valor negativo para indicar un error interno (por ejemplo, falta de memoria). Tal valor de retorno negativo es mal manejado por OpenSSL y causar\u00e1 que una funci\u00f3n IO (como SSL_connect() o SSL_do_handshake()) no indique el \u00e9xito y una llamada posterior a SSL_get_error() devuelva el valor SSL_ERROR_WANT_RETRY_VERIFY. Este valor de retorno s\u00f3lo debe ser devuelto por OpenSSL si la aplicaci\u00f3n ha llamado previamente a SSL_CTX_set_cert_verify_callback(). Como la mayor\u00eda de las aplicaciones no hacen esto, el valor de retorno SSL_ERROR_WANT_RETRY_VERIFY de SSL_get_error() ser\u00e1 totalmente inesperado y las aplicaciones pueden no comportarse correctamente como resultado. El comportamiento exacto depender\u00e1 de la aplicaci\u00f3n, pero podr\u00eda resultar en bloqueos, bucles infinitos u otras respuestas incorrectas similares. Este problema se agrava en combinaci\u00f3n con otro fallo en OpenSSL versi\u00f3n 3.0 que har\u00e1 que X509_verify_cert() indique un error interno cuando procesa una cadena de certificados. Esto ocurrir\u00e1 cuando un certificado no incluya la extensi\u00f3n de nombre alternativo del sujeto pero cuando una autoridad de certificaci\u00f3n haya aplicado restricciones de nombre. Este problema puede producirse incluso con cadenas v\u00e1lidas. Combinando los dos problemas, un atacante podr\u00eda inducir un comportamiento incorrecto y dependiente de la aplicaci\u00f3n. 
Corregido en OpenSSL versi\u00f3n 3.0.1 (Afectado 3.0.0)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"D53A6288-46D2-452F-95DA-ADA3A55544E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73104834-5810-48DD-9B97-549D223853F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D1E839A-4780-412E-9F02-DD3029A0B8EF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriter
iaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B8DB06-590A-4008-B0AB-FCD1401C77C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1236B66D-EB11-4324-929F-E2B86683C3C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"281DFC67-46BB-4FC2-BE03-3C65C9311F65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECF32BB1-9A58-4821-AE49-5D5C8200631F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F21DE67F-CDFD-4D36-9967-633CD0240C6F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"ma
tchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\
",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.3.0\",\"matchCriteriaId\":\"EF176509-5AA8-4644-84E5-051964AECCE5\"}]}]}],\"references\":[{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20211229-0003/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20211214.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20211229-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20211214.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, OpenSSL Software Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.1.0 (OpenSSL), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), \u0434\u043e 1.0.2 (OpenSSL), 3.0.0 (OpenSSL)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:https://www.openssl.org/news/secadv/20211214.txt\n\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256\n\nhttps://security.netapp.com/advisory/ntap-20211229-0003/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-4044",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.12.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02392",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-4044",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, OpenSSL",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 X509_verify_cert() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430 (\u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b) (CWE-835)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 X509_verify_cert() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.openssl.org/news/secadv/20211214.txt\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256\nhttps://security.netapp.com/advisory/ntap-20211229-0003/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-835",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-node-2021-4044
Vulnerability from bitnami_vulndb
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "node",
"purl": "pkg:bitnami/node"
},
"ranges": [
{
"events": [
{
"introduced": "17.0.0"
},
{
"fixed": "17.3.0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-4044"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"
],
"severity": "High"
},
"details": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
"id": "BIT-node-2021-4044",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T11:05:16.488Z",
"references": [
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044"
}
],
"schema_version": "1.5.0",
"summary": "Invalid handling of X509_verify_cert() internal errors in libssl"
}
CERTFR-2021-AVI-955
Vulnerability from certfr_avis - Published: 2021-12-15 - Updated: 2021-12-15
Multiple vulnerabilities have been discovered in OpenSSL. They allow an attacker to cause a denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-4044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4044"
}
],
"initial_release_date": "2021-12-15T00:00:00",
"last_revision_date": "2021-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-955",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL 20211214 du 14 d\u00e9cembre 2021",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
}
]
}
The vendor has released a fix for this vulnerability; please apply the update promptly: https://www.openssl.org/news/secadv/20211214.txt
| Name | OpenSSL Project OpenSSL 3.0.0 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-4044",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044"
}
},
"description": "OpenSSL\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5b89\u5168\u5957\u63a5\u5b57\u5c42\u5bc6\u7801\u5e93\uff0c\u5176\u56ca\u62ec\u4e86\u76ee\u524d\u4e3b\u6d41\u7684\u5bc6\u7801\u7b97\u6cd5\uff0c\u5e38\u7528\u7684\u5bc6\u94a5\uff0c\u8bc1\u4e66\u5c01\u88c5\u7ba1\u7406\u529f\u80fd\u4ee5\u53caSSL\u534f\u8bae\uff0c\u5e76\u63d0\u4f9b\u4e30\u5bcc\u7684\u5e94\u7528\u7a0b\u5e8f\u4f9b\u6d4b\u8bd5\u6212\u5176\u5b83\u76ee\u7684\u4f7f\u7528\u3002libssl\u5b9e\u73b0\u4e86SSL v2/v3\u548cTLS v1\u534f\u8bae\u3002\n\nOpenSSL 3.0.0\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8elibssl\u8c03\u7528X509_verify_cert()\u51fd\u6570\u6765\u9a8c\u8bc1\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u8bc1\u4e66\u65f6\uff0c\u88abOpenSSL\u9519\u8bef\u5904\u7406\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7a0b\u5e8f\u65e0\u6cd5\u6b63\u786e\u8fd0\u884c\uff0c\u4f8b\u5982\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5d29\u6e83\u3001\u65e0\u9650\u5faa\u73af\u6216\u5176\u4ed6\u7c7b\u4f3c\u7684\u9519\u8bef\u54cd\u5e94\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.openssl.org/news/secadv/20211214.txt",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-101997",
"openTime": "2021-12-24",
"patchDescription": "OpenSSL\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5b89\u5168\u5957\u63a5\u5b57\u5c42\u5bc6\u7801\u5e93\uff0c\u5176\u56ca\u62ec\u4e86\u76ee\u524d\u4e3b\u6d41\u7684\u5bc6\u7801\u7b97\u6cd5\uff0c\u5e38\u7528\u7684\u5bc6\u94a5\uff0c\u8bc1\u4e66\u5c01\u88c5\u7ba1\u7406\u529f\u80fd\u4ee5\u53caSSL\u534f\u8bae\uff0c\u5e76\u63d0\u4f9b\u4e30\u5bcc\u7684\u5e94\u7528\u7a0b\u5e8f\u4f9b\u6d4b\u8bd5\u6212\u5176\u5b83\u76ee\u7684\u4f7f\u7528\u3002libssl\u5b9e\u73b0\u4e86SSL v2/v3\u548cTLS v1\u534f\u8bae\u3002\r\n\r\nOpenSSL 3.0.0\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8elibssl\u8c03\u7528X509_verify_cert()\u51fd\u6570\u6765\u9a8c\u8bc1\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u8bc1\u4e66\u65f6\uff0c\u88abOpenSSL\u9519\u8bef\u5904\u7406\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7a0b\u5e8f\u65e0\u6cd5\u6b63\u786e\u8fd0\u884c\uff0c\u4f8b\u5982\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5d29\u6e83\u3001\u65e0\u9650\u5faa\u73af\u6216\u5176\u4ed6\u7c7b\u4f3c\u7684\u9519\u8bef\u54cd\u5e94\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenSSL\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "OpenSSL Project OpenSSL 3.0.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
"serverity": "\u4e2d",
"submitTime": "2021-12-17",
"title": "OpenSSL\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e"
}
FKIE_CVE-2021-4044
Vulnerability from fkie_nvd - Published: 2021-12-14 19:15 - Updated: 2024-11-21 06:36
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | * |
| openssl | openssl | 1.1.0 |
| openssl | openssl | 3.0.0 |
| netapp | cloud_backup | - |
| netapp | e-series_performance_analyzer | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | snapcenter | - |
| netapp | a250_firmware | - |
| netapp | a250 | - |
| netapp | 500f_firmware | - |
| netapp | 500f | - |
| netapp | h500s_firmware | - |
| netapp | h500s | - |
| netapp | h700s_firmware | - |
| netapp | h700s | - |
| netapp | h300e_firmware | - |
| netapp | h300e | - |
| netapp | h500e_firmware | - |
| netapp | h500e | - |
| netapp | h700e_firmware | - |
| netapp | h700e | - |
| netapp | h410s_firmware | - |
| netapp | h410s | - |
| netapp | h410c_firmware | - |
| netapp | h410c | - |
| netapp | h300s_firmware | - |
| netapp | h300s | - |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D53A6288-46D2-452F-95DA-ADA3A55544E5",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E839A-4780-412E-9F02-DD3029A0B8EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "EF176509-5AA8-4644-84E5-051964AECCE5",
"versionEndExcluding": "17.3.0",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
},
{
"lang": "es",
"value": "Internamente libssl en OpenSSL llama a X509_verify_cert() en el lado del cliente para verificar un certificado suministrado por un servidor. Esta funci\u00f3n puede devolver un valor negativo para indicar un error interno (por ejemplo, falta de memoria). Tal valor de retorno negativo es mal manejado por OpenSSL y causar\u00e1 que una funci\u00f3n IO (como SSL_connect() o SSL_do_handshake()) no indique el \u00e9xito y una llamada posterior a SSL_get_error() devuelva el valor SSL_ERROR_WANT_RETRY_VERIFY. Este valor de retorno s\u00f3lo debe ser devuelto por OpenSSL si la aplicaci\u00f3n ha llamado previamente a SSL_CTX_set_cert_verify_callback(). Como la mayor\u00eda de las aplicaciones no hacen esto, el valor de retorno SSL_ERROR_WANT_RETRY_VERIFY de SSL_get_error() ser\u00e1 totalmente inesperado y las aplicaciones pueden no comportarse correctamente como resultado. El comportamiento exacto depender\u00e1 de la aplicaci\u00f3n, pero podr\u00eda resultar en bloqueos, bucles infinitos u otras respuestas incorrectas similares. Este problema se agrava en combinaci\u00f3n con otro fallo en OpenSSL versi\u00f3n 3.0 que har\u00e1 que X509_verify_cert() indique un error interno cuando procesa una cadena de certificados. Esto ocurrir\u00e1 cuando un certificado no incluya la extensi\u00f3n de nombre alternativo del sujeto pero cuando una autoridad de certificaci\u00f3n haya aplicado restricciones de nombre. Este problema puede producirse incluso con cadenas v\u00e1lidas. Combinando los dos problemas, un atacante podr\u00eda inducir un comportamiento incorrecto y dependiente de la aplicaci\u00f3n. Corregido en OpenSSL versi\u00f3n 3.0.1 (Afectado 3.0.0)"
}
],
"id": "CVE-2021-4044",
"lastModified": "2024-11-21T06:36:47.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-14T19:15:07.807",
"references": [
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-MMJF-F5JW-W72Q
Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2022-09-19 21:58
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4044"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T00:01:23Z",
"nvd_published_at": "2021-12-14T19:15:00Z",
"severity": "HIGH"
},
"details": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
"id": "GHSA-mmjf-f5jw-w72q",
"modified": "2022-09-19T21:58:21Z",
"published": "2021-12-15T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0129.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211229-0003"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Invalid handling of `X509_verify_cert()` internal errors in libssl"
}
GSD-2021-4044
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-4044",
"description": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
"id": "GSD-2021-4044",
"references": [
"https://www.suse.com/security/cve/CVE-2021-4044.html",
"https://security.archlinux.org/CVE-2021-4044"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-4044"
],
"details": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
"id": "GSD-2021-4044",
"modified": "2023-12-13T01:23:11.434466Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2021-12-14",
"ID": "CVE-2021-4044",
"STATE": "PUBLIC",
"TITLE": "Invalid handling of X509_verify_cert() internal errors in libssl"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tobias Nie\u00dfen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid error handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssl.org/news/secadv/20211214.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211229-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.2||=1.1.0||=3.0.0",
"affected_versions": "All versions before 1.0.2, version 1.1.0, version 3.0.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-835",
"CWE-937"
],
"date": "2022-08-30",
"description": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses.",
"fixed_versions": [
"1.0.2s",
"3.0.1"
],
"identifier": "CVE-2021-4044",
"identifiers": [
"CVE-2021-4044"
],
"not_impacted": "All versions starting from 1.0.2 before 1.1.0, all versions after 1.1.0 before 3.0.0, all versions after 3.0.0",
"package_slug": "conan/openssl",
"pubdate": "2021-12-14",
"solution": "Upgrade to versions 1.0.2s, 3.0.1 or above.",
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
"https://www.openssl.org/news/secadv/20211214.txt",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
],
"uuid": "31029308-3b3d-4089-b6af-7729e672e133"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.3.0",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"ID": "CVE-2021-4044"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssl.org/news/secadv/20211214.txt",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211229-0003/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256",
"refsource": "",
"tags": [],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-11-09T14:44Z",
"publishedDate": "2021-12-14T19:15Z"
}
}
}
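The second half of the description above gives the concrete shape of a chain that makes X509_verify_cert() report an internal error on OpenSSL 3.0.0: a certificate with no subjectAltName extension sitting below a CA that enforces name constraints, in an otherwise valid chain. The following is an added example, not code from OpenSSL, NVD or SUSE. It uses Go's standard library (which is not affected by this bug and can mint and validate certificates offline) to build such a chain, confirm that path validation accepts it, and flag whether an OpenSSL 3.0.0 client would trip the bug on it. The CA name, the example.test domain, the function names and the three cases in main are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}  // id-ce-subjectAltName
var oidNameConstraints = asn1.ObjectIdentifier{2, 5, 29, 30} // id-ce-nameConstraints

func hasExt(c *x509.Certificate, oid asn1.ObjectIdentifier) bool {
	for _, e := range c.Extensions {
		if e.Id.Equal(oid) {
			return true
		}
	}
	return false
}

// TripsVerifyInternalError reports whether a chain (leaf first, root last) has the
// shape the advisory describes: a certificate with no subjectAltName below a CA that
// enforces name constraints. OpenSSL 3.0.0's X509_verify_cert() fails internally on
// it, and libssl then surfaces that to the client as SSL_ERROR_WANT_RETRY_VERIFY.
func TripsVerifyInternalError(chain []*x509.Certificate) bool {
	for i, c := range chain {
		if hasExt(c, oidSubjectAltName) {
			continue
		}
		for _, ca := range chain[i+1:] {
			if hasExt(ca, oidNameConstraints) {
				return true
			}
		}
	}
	return false
}

// issue mints a fresh P-256 key, signs tmpl with signer (self-signed when nil) and
// re-parses the DER so that Certificate.Extensions is populated.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c, key
}

// ConstructedChain builds a throw-away CA and one leaf under it. The CA name, the
// example.test domain and the two switches are assumptions of this example.
func ConstructedChain(constrainCA, leafHasSAN bool) []*x509.Certificate {
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if constrainCA { // Go emits a critical nameConstraints extension for this
		caTmpl.PermittedDNSDomainsCritical = true
		caTmpl.PermittedDNSDomains = []string{"example.test"}
	}
	ca, caKey := issue(caTmpl, caTmpl, nil)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if leafHasSAN { // with no DNSNames Go writes no subjectAltName extension at all
		leafTmpl.DNSNames = []string{"www.example.test"}
	}
	leaf, _ := issue(leafTmpl, ca, caKey)
	return []*x509.Certificate{leaf, ca}
}

// ChainVerifies runs path validation with no hostname check; it stays true for the
// SAN-less leaf, which is the advisory's "even with valid chains" point.
func ChainVerifies(chain []*x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(chain[len(chain)-1])
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	for _, tc := range [][2]bool{{true, false}, {true, true}, {false, false}} {
		chain := ConstructedChain(tc[0], tc[1])
		fmt.Printf("constrainedCA=%-5v leafHasSAN=%-5v valid=%v trips=%v\n",
			tc[0], tc[1], ChainVerifies(chain), TripsVerifyInternalError(chain))
	}
}
```

Run it with `go run`: only the constrained-CA, SAN-less-leaf case is flagged, and that same chain still passes path validation. On the client side the advisory's first bug is what turns this into an outage: a handshake loop that retries on every SSL_ERROR_WANT_* value, as many applications do, spins forever once SSL_get_error() hands back SSL_ERROR_WANT_RETRY_VERIFY without the application ever having registered a verify callback via SSL_CTX_set_cert_verify_callback(). The fix is to run OpenSSL 3.0.1 or later; until then, treating SSL_ERROR_WANT_RETRY_VERIFY as fatal in code that never registered such a callback converts the loop into a clean connection failure.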
OPENSUSE-SU-2024:11797-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenssl-3-devel-3.0.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenssl-3-devel-3.0.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11797",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11797-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1971 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4044 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4044/"
}
],
"title": "libopenssl-3-devel-3.0.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11797-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.1-1.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.0.1-1.1.aarch64",
"product_id": "libopenssl-3-devel-3.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"product_id": "libopenssl-3-devel-32bit-3.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.1-1.1.aarch64",
"product": {
"name": "libopenssl3-3.0.1-1.1.aarch64",
"product_id": "libopenssl3-3.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.1-1.1.aarch64",
"product": {
"name": "libopenssl3-32bit-3.0.1-1.1.aarch64",
"product_id": "libopenssl3-32bit-3.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.1-1.1.aarch64",
"product": {
"name": "openssl-3-3.0.1-1.1.aarch64",
"product_id": "openssl-3-3.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.1-1.1.aarch64",
"product": {
"name": "openssl-3-doc-3.0.1-1.1.aarch64",
"product_id": "openssl-3-doc-3.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.1-1.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.0.1-1.1.ppc64le",
"product_id": "libopenssl-3-devel-3.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"product_id": "libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.1-1.1.ppc64le",
"product": {
"name": "libopenssl3-3.0.1-1.1.ppc64le",
"product_id": "libopenssl3-3.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.1-1.1.ppc64le",
"product": {
"name": "libopenssl3-32bit-3.0.1-1.1.ppc64le",
"product_id": "libopenssl3-32bit-3.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.1-1.1.ppc64le",
"product": {
"name": "openssl-3-3.0.1-1.1.ppc64le",
"product_id": "openssl-3-3.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.1-1.1.ppc64le",
"product": {
"name": "openssl-3-doc-3.0.1-1.1.ppc64le",
"product_id": "openssl-3-doc-3.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.1-1.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.0.1-1.1.s390x",
"product_id": "libopenssl-3-devel-3.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"product_id": "libopenssl-3-devel-32bit-3.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.1-1.1.s390x",
"product": {
"name": "libopenssl3-3.0.1-1.1.s390x",
"product_id": "libopenssl3-3.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.1-1.1.s390x",
"product": {
"name": "libopenssl3-32bit-3.0.1-1.1.s390x",
"product_id": "libopenssl3-32bit-3.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.1-1.1.s390x",
"product": {
"name": "openssl-3-3.0.1-1.1.s390x",
"product_id": "openssl-3-3.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.1-1.1.s390x",
"product": {
"name": "openssl-3-doc-3.0.1-1.1.s390x",
"product_id": "openssl-3-doc-3.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.1-1.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.0.1-1.1.x86_64",
"product_id": "libopenssl-3-devel-3.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.1-1.1.x86_64",
"product": {
"name": "libopenssl3-3.0.1-1.1.x86_64",
"product_id": "libopenssl3-3.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.1-1.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.0.1-1.1.x86_64",
"product_id": "libopenssl3-32bit-3.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.1-1.1.x86_64",
"product": {
"name": "openssl-3-3.0.1-1.1.x86_64",
"product_id": "openssl-3-3.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.1-1.1.x86_64",
"product": {
"name": "openssl-3-doc-3.0.1-1.1.x86_64",
"product_id": "openssl-3-doc-3.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64"
},
"product_reference": "libopenssl3-3.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x"
},
"product_reference": "libopenssl3-3.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64"
},
"product_reference": "libopenssl3-3.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64"
},
"product_reference": "libopenssl3-32bit-3.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le"
},
"product_reference": "libopenssl3-32bit-3.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x"
},
"product_reference": "libopenssl3-32bit-3.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64"
},
"product_reference": "openssl-3-3.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le"
},
"product_reference": "openssl-3-3.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x"
},
"product_reference": "openssl-3-3.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64"
},
"product_reference": "openssl-3-3.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64"
},
"product_reference": "openssl-3-doc-3.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le"
},
"product_reference": "openssl-3-doc-3.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x"
},
"product_reference": "openssl-3-doc-3.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
},
"product_reference": "openssl-3-doc-3.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1971"
}
],
"notes": [
{
"category": "general",
"text": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1971",
"url": "https://www.suse.com/security/cve/CVE-2020-1971"
},
{
"category": "external",
"summary": "SUSE Bug 1179491 for CVE-2020-1971",
"url": "https://bugzilla.suse.com/1179491"
},
{
"category": "external",
"summary": "SUSE Bug 1196179 for CVE-2020-1971",
"url": "https://bugzilla.suse.com/1196179"
},
{
"category": "external",
"summary": "SUSE Bug 1199303 for CVE-2020-1971",
"url": "https://bugzilla.suse.com/1199303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-1971"
},
{
"cve": "CVE-2021-4044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4044"
}
],
"notes": [
{
"category": "general",
"text": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4044",
"url": "https://www.suse.com/security/cve/CVE-2021-4044"
},
{
"category": "external",
"summary": "SUSE Bug 1193740 for CVE-2021-4044",
"url": "https://bugzilla.suse.com/1193740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.1-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-4044"
}
]
}
rustsec-2021-0129
Vulnerability from osv_rustsec
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to
verify a certificate supplied by a server. That function may return a negative
return value to indicate an internal error (for example out of memory). Such a
negative return value is mishandled by OpenSSL and will cause an IO function
(such as SSL_connect() or SSL_do_handshake()) to not indicate success and a
subsequent call to SSL_get_error() to return the value
SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned
by OpenSSL if the application has previously called
SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the
SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally
unexpected and applications may not behave correctly as a result. The exact
behaviour will depend on the application but it could result in crashes,
infinite loops or other similar incorrect responses.
This issue is made more serious in combination with a separate bug in OpenSSL
3.0 that will cause X509_verify_cert() to indicate an internal error when
processing a certificate chain. This will occur where a certificate does not
include the Subject Alternative Name extension but where a Certificate Authority
has enforced name constraints. This issue can occur even with valid chains.
{
"affected": [
{
"database_specific": {
"categories": [
"denial-of-service"
],
"cvss": null,
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "openssl-src",
"purl": "pkg:cargo/openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.4"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"CVE-2021-4044",
"GHSA-mmjf-f5jw-w72q"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "Internally libssl in OpenSSL calls `X509_verify_cert()` on the client side to\nverify a certificate supplied by a server. That function may return a negative\nreturn value to indicate an internal error (for example out of memory). Such a\nnegative return value is mishandled by OpenSSL and will cause an IO function\n(such as `SSL_connect()` or `SSL_do_handshake()`) to not indicate success and a\nsubsequent call to `SSL_get_error()` to return the value\n`SSL_ERROR_WANT_RETRY_VERIFY`. This return value is only supposed to be returned\nby OpenSSL if the application has previously called\n`SSL_CTX_set_cert_verify_callback()`. Since most applications do not do this the\n`SSL_ERROR_WANT_RETRY_VERIFY` return value from `SSL_get_error()` will be totally\nunexpected and applications may not behave correctly as a result. The exact\nbehaviour will depend on the application but it could result in crashes,\ninfinite loops or other similar incorrect responses.\n\nThis issue is made more serious in combination with a separate bug in OpenSSL\n3.0 that will cause `X509_verify_cert()` to indicate an internal error when\nprocessing a certificate chain. This will occur where a certificate does not\ninclude the Subject Alternative Name extension but where a Certificate Authority\nhas enforced name constraints. This issue can occur even with valid chains.",
"id": "RUSTSEC-2021-0129",
"modified": "2023-06-13T13:10:24Z",
"published": "2021-12-14T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/openssl-src"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0129.html"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
}
],
"related": [],
"severity": [],
"summary": "Invalid handling of `X509_verify_cert()` internal errors in libssl"
}
WID-SEC-W-2024-0958
Vulnerability from csaf_certbund - Published: 2021-12-14 23:00 - Updated: 2024-11-25 23:00
A vulnerability exists in OpenSSL in the client-side verification of X.509 server certificates. Under certain circumstances the function X509_verify_cert() returns negative status values, which the calling function (e.g. SSL_connect() or SSL_do_handshake()) misinterprets. This situation arises, for example, when the certificate being verified lacks the X.509 extension "SubjectAltName" but a certificate higher up in the chain contains the X.509 extension "nameConstraint". An attacker who controls a malicious server can exploit this to cause a denial of service condition or unpredictable behaviour on the client side. Successful exploitation requires user interaction.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| NetApp FAS (NetApp) | cpe:/h:netapp:fas:- | — | |
| F5 BIG-IP (F5) | cpe:/a:f5:big-ip:- | — | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| Open Source OpenSSL 3.0.0 (Open Source / OpenSSL) | cpe:/a:openssl:openssl:3.0.0 | 3.0.0 | |
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- NetApp Appliance\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0958 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-0958.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0958 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0958"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2021-12-14",
"url": "https://www.openssl.org/news/secadv/20211214.txt"
},
{
"category": "external",
"summary": "F5 Security Advisory K83823933 vom 2021-12-31",
"url": "https://support.f5.com/csp/article/K83823933"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20211229-0003 vom 2022-01-03",
"url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-20865 vom 2024-04-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-20865.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12343 vom 2024-04-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-12343.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-23120 vom 2024-06-04",
"url": "https://linux.oracle.com/errata/ELSA-2024-23120.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05",
"url": "https://linux.oracle.com/errata/ELSA-2024-12408.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12409 vom 2024-06-04",
"url": "https://linux.oracle.com/errata/ELSA-2024-12409.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12842 vom 2024-11-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-12842.html"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-11-25T23:00:00.000+00:00",
"generator": {
"date": "2024-11-26T09:24:49.999+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-0958",
"initial_release_date": "2021-12-14T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-12-14T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-12-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2022-01-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp FAS",
"product": {
"name": "NetApp FAS",
"product_id": "T011540",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:fas:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.0",
"product": {
"name": "Open Source OpenSSL 3.0.0",
"product_id": "T021310",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.0"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4044",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSL bei der clientseitigen Pr\u00fcfung von X.509 Server-Zertifikaten. Die Funktion X509_verify_cert() gibt unter bestimmten Umst\u00e4nden negative Statuswerte zur\u00fcck, die von der aufrufenden Funktion (z.B. SSL_connect() oder SSL_do_handshake()) falsch interpretiert werden. Diese Situation wird beispielsweise erreicht, wenn in einem zu pr\u00fcfenden Zertifikat die X.509 Erweiterung \"SubjectAltName\" nicht vorhanden ist, aber ein in der Kette dar\u00fcber befindliches Zertifikat die X.509 Erweiterung \"nameConstraint\" enth\u00e4lt. Ein Angreifer, der einen b\u00f6sartigen Server kontrolliert, kann dies ausnutzen, um einen Denial of Service Zustand oder ein nicht vorhersehbares Verhalten bez\u00fcglich des Clients herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T011540",
"T001663",
"T004914",
"T021310"
]
},
"release_date": "2021-12-14T23:00:00.000+00:00",
"title": "CVE-2021-4044"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.