NVD Vulnerability Detail

CVE-2021-3449

Summary	An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Publication Date	March 26, 2021, 12:15 a.m.
Registration Date	March 26, 2021, 10:04 a.m.
Last Update	Nov. 21, 2024, 3:21 p.m.

CVSS3.1 : MEDIUM
スコア	5.9
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::		1.1.1			1.1.1k

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:freebsd:freebsd:12.2:p1::::::
cpe:2.3:o:freebsd:freebsd:12.2:p2::::::
cpe:2.3:o:freebsd:freebsd:12.2:-::::::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
cpe:2.3:a:netapp:snapcenter:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:storagegrid:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:a:tenable:tenable.sc::::::::	5.13.0	5.17.0
cpe:2.3:a:tenable:nessus::::::::		8.13.1
cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:::::::*
cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:::::::*
cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:::::::*
cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:::::::*
cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:::::::*
cpe:2.3:a:tenable:log_correlation_engine::::::::				6.0.9

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:34:::::::*

Configuration7	or higher	or less	more than	less than
cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:::::::*
cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:::::::*
cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:::::::*
cpe:2.3:a:mcafee:web_gateway:10.1.1:::::::*
cpe:2.3:a:mcafee:web_gateway:9.2.10:::::::*
cpe:2.3:a:mcafee:web_gateway:8.2.19:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:::::::*
cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:::::::*
execution environment
1	cpe:2.3:h:checkpoint:quantum_security_management:-:::::::*

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:::::::*
cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:::::::*
execution environment
1	cpe:2.3:h:checkpoint:multi-domain_management:-:::::::*

Configuration10		or higher	or less	more than	less than
cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::*
cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:::::::*
execution environment
1	cpe:2.3:h:checkpoint:quantum_security_gateway:-:::::::*

Configuration11	or higher	or less	more than	less than
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7	17.12
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.6:::::::*
cpe:2.3:a:oracle:graalvm:20.3.1.2::::enterprise:::
cpe:2.3:a:oracle:graalvm:21.0.0.2::::enterprise:::
cpe:2.3:a:oracle:graalvm:19.3.5::::enterprise:::
cpe:2.3:a:oracle:mysql_server::::::::	8.0.15	8.0.23
cpe:2.3:a:oracle:mysql_server::::::::		5.7.33
cpe:2.3:a:oracle:mysql_workbench::::::::		8.0.23
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
cpe:2.3:a:oracle:essbase:21.2:::::::*
cpe:2.3:a:oracle:mysql_connectors::::::::		8.0.23
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::				9.2.6.0
cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
cpe:2.3:a:oracle:secure_backup::::::::				18.1.0.1.0
cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:::::::*

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:sonicwall:sma100_firmware::::::::		10.2.0.0			10.2.1.0-17sv
execution environment
1	cpe:2.3:h:sonicwall:sma100:-:::::::*

Configuration13	or higher	or less	more than	less than
cpe:2.3:a:sonicwall:capture_client:3.5:::::::*
cpe:2.3:o:sonicwall:sonicos:7.0.1.0:::::::*

Configuration14		or higher	or less	more than	less than
cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware::::::::		6.2
execution environment
1	cpe:2.3:h:siemens:ruggedcom_rcm1224:-:::::::*

Configuration15		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_lpe9403_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:scalance_lpe9403:-:::::::*

Configuration16		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_m-800_firmware::::::::		6.2
execution environment
1	cpe:2.3:h:siemens:scalance_m-800:-:::::::*

Configuration17		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_s602_firmware::::::::		4.1
execution environment
1	cpe:2.3:h:siemens:scalance_s602:-:::::::*

Configuration18		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_s612_firmware::::::::		4.1
execution environment
1	cpe:2.3:h:siemens:scalance_s612:-:::::::*

Configuration19		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_s615_firmware::::::::		6.2
execution environment
1	cpe:2.3:h:siemens:scalance_s615:-:::::::*

Configuration20		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_s623_firmware::::::::		4.1
execution environment
1	cpe:2.3:h:siemens:scalance_s623:-:::::::*

Configuration21		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_s627-2m_firmware::::::::		4.1
execution environment
1	cpe:2.3:h:siemens:scalance_s627-2m:-:::::::*

Configuration22		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_sc-600_firmware::::::::		2.0
execution environment
1	cpe:2.3:h:siemens:scalance_sc-600:-:::::::*

Configuration23		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_w700_firmware::::::::		6.5
execution environment
1	cpe:2.3:h:siemens:scalance_w700:-:::::::*

Configuration24		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_w1700_firmware::::::::		2.0
execution environment
1	cpe:2.3:h:siemens:scalance_w1700:-:::::::*

Configuration25		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xb-200_firmware::::::::					4.3
execution environment
1	cpe:2.3:h:siemens:scalance_xb-200:-:::::::*

Configuration26		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xc-200_firmware::::::::					4.3
execution environment
1	cpe:2.3:h:siemens:scalance_xc-200:-:::::::*

Configuration27		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xf-200ba_firmware::::::::					4.3
execution environment
1	cpe:2.3:h:siemens:scalance_xf-200ba:-:::::::*

Configuration28		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xm-400_firmware::::::::					6.4
execution environment
1	cpe:2.3:h:siemens:scalance_xm-400:-:::::::*

Configuration29		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xp-200_firmware::::::::					4.3
execution environment
1	cpe:2.3:h:siemens:scalance_xp-200:-:::::::*

Configuration30		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xr-300wg_firmware::::::::					4.3
execution environment
1	cpe:2.3:h:siemens:scalance_xr-300wg:-:::::::*

Configuration31		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xr524-8c_firmware::::::::					6.4
execution environment
1	cpe:2.3:h:siemens:scalance_xr524-8c:-:::::::*

Configuration32		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xr526-8c_firmware::::::::					6.4
execution environment
1	cpe:2.3:h:siemens:scalance_xr526-8c:-:::::::*

Configuration33		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xr528-6m_firmware::::::::					6.4
execution environment
1	cpe:2.3:h:siemens:scalance_xr528-6m:-:::::::*

Configuration34		or higher	or less	more than	less than
cpe:2.3:o:siemens:scalance_xr552-12_firmware::::::::					6.4
execution environment
1	cpe:2.3:h:siemens:scalance_xr552-12:-:::::::*

Configuration35		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware::::::::		1.1
cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:::::::*
execution environment
1	cpe:2.3:h:siemens:simatic_cloud_connect_7:-:::::::*

Configuration36		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware::::::::		3.1
cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:::::::*
execution environment
1	cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:::::::*

Configuration37		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:::::::*

Configuration38		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:::::::*

Configuration39		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:::::::*

Configuration40		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_mv500_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_mv500:-:::::::*

Configuration41		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware::::::::		3.1
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:::::::*

Configuration42		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware::::::::		3.1
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:::::::*

Configuration43		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware::::::::		3.1
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:::::::*

Configuration44		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware::::::::		3.1
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:::::::*

Configuration45		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware::::::::		2.1
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:::::::*

Configuration46		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware::::::::		2.2			3.0
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:::::::*

Configuration47		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware::::::::		2.1
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:::::::*

Configuration48		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware::::::::		1.0
execution environment
1	cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:::::::*

Configuration49		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:::::::*

Configuration50		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_pcs_neo_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_pcs_neo:-:::::::*

Configuration51		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_pdm_firmware::::::::		9.1.0.7
execution environment
1	cpe:2.3:h:siemens:simatic_pdm:-:::::::*

Configuration52		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware::::::::		2019
execution environment
1	cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:::::::*

Configuration53		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf166c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf166c:-:::::::*

Configuration54		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf185c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf185c:-:::::::*

Configuration55		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf186c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf186c:-:::::::*

Configuration56		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf186ci_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf186ci:-:::::::*

Configuration57		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf188c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf188c:-:::::::*

Configuration58		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf188ci_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf188ci:-:::::::*

Configuration59		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_rf360r_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_rf360r:-:::::::*

Configuration60		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:::::::*

Configuration61		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:::::::*

Configuration62		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:::::::*

Configuration63		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:::::::*

Configuration64		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:::::::*

Configuration65		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:::::::*

Configuration66		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:::::::*

Configuration67		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:::::::*

Configuration68		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:::::::*

Configuration69		or higher	or less	more than	less than
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:::::::*

Configuration70		or higher	or less	more than	less than
cpe:2.3:o:siemens:sinamics_connect_300_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:sinamics_connect_300:-:::::::*

Configuration71		or higher	or less	more than	less than
cpe:2.3:o:siemens:tim_1531_irc_firmware::::::::		2.0			2.2
execution environment
1	cpe:2.3:h:siemens:tim_1531_irc:-:::::::*

Configuration72	or higher	or less	more than	less than
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::
cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1::::::
cpe:2.3:a:siemens:sinema_server:14.0:sp1::::::
cpe:2.3:a:siemens:sinema_server:14.0:sp2::::::
cpe:2.3:a:siemens:sinema_server:14.0:-::::::
cpe:2.3:a:siemens:simatic_logon::::::::	1.6.0.2
cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1::::::
cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:::::::*
cpe:2.3:a:siemens:sinec_nms:1.0:sp1::::::
cpe:2.3:a:siemens:sinec_nms:1.0:-::::::
cpe:2.3:a:siemens:sinec_pni:-:::::::*
cpe:2.3:a:siemens:tia_administrator::::::::
cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2::::::
cpe:2.3:a:siemens:sinumerik_opc_ua_server::::::::

Configuration73		or higher	or less	more than	less than
cpe:2.3:a:siemens:sinec_infrastructure_network_services::::::::					1.0.1.1

Configuration74	or higher	or less	more than	less than
cpe:2.3:a:nodejs:node.js:::::-:::*	14.0.0	14.14.0
cpe:2.3:a:nodejs:node.js:::::-:::*	10.0.0	10.12.0
cpe:2.3:a:nodejs:node.js:::::-:::*	12.0.0	12.12.0
cpe:2.3:a:nodejs:node.js:::::lts:::*	14.15.0			14.16.1
cpe:2.3:a:nodejs:node.js:::::lts:::*	12.13.0			12.22.1
cpe:2.3:a:nodejs:node.js:::::lts:::*	10.13.0	10.24.0
cpe:2.3:a:nodejs:node.js:::::-:::*	15.0.0			15.14.0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2021/03/27/1	Mailing List Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2021/03/27/1	Mailing List Third Party Advisory
3	http://www.openwall.com/lists/oss-security/2021/03/27/2	Mailing List Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2021/03/27/2	Mailing List Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2021/03/28/3	Mailing List Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2021/03/28/3	Mailing List Third Party Advisory
7	http://www.openwall.com/lists/oss-security/2021/03/28/4	Mailing List Third Party Advisory
8	http://www.openwall.com/lists/oss-security/2021/03/28/4	Mailing List Third Party Advisory
9	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Third Party Advisory
10	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Third Party Advisory
11	https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf	Patch Third Party Advisory
12	https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf	Patch Third Party Advisory
13	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
14	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
15	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845	Third Party Advisory
16	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845	Third Party Advisory
17	https://kc.mcafee.com/corporate/index?page=content&id=SB10356	Third Party Advisory
18	https://kc.mcafee.com/corporate/index?page=content&id=SB10356	Third Party Advisory
19	https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html	Mailing List Third Party Advisory
20	https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html	Mailing List Third Party Advisory
21	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
22	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
23	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013	Third Party Advisory
24	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013	Third Party Advisory
25	https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc	Third Party Advisory
26	https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc	Third Party Advisory
27	https://security.gentoo.org/glsa/202103-03	Third Party Advisory
28	https://security.gentoo.org/glsa/202103-03	Third Party Advisory
29	https://security.netapp.com/advisory/ntap-20210326-0006/	Third Party Advisory
30	https://security.netapp.com/advisory/ntap-20210326-0006/	Third Party Advisory
31	https://security.netapp.com/advisory/ntap-20210513-0002/	Third Party Advisory
32	https://security.netapp.com/advisory/ntap-20210513-0002/	Third Party Advisory
33	https://security.netapp.com/advisory/ntap-20240621-0006/
34	https://security.netapp.com/advisory/ntap-20240621-0006/
35	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd	Third Party Advisory
36	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd	Third Party Advisory
37	https://www.debian.org/security/2021/dsa-4875	Third Party Advisory
38	https://www.debian.org/security/2021/dsa-4875	Third Party Advisory
39	https://www.openssl.org/news/secadv/20210325.txt	Vendor Advisory
40	https://www.openssl.org/news/secadv/20210325.txt	Vendor Advisory
41	https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
42	https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
43	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
44	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
45	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
46	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
47	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
48	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
49	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
50	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
51	https://www.tenable.com/security/tns-2021-05	Third Party Advisory
52	https://www.tenable.com/security/tns-2021-05	Third Party Advisory
53	https://www.tenable.com/security/tns-2021-06	Third Party Advisory
54	https://www.tenable.com/security/tns-2021-06	Third Party Advisory
55	https://www.tenable.com/security/tns-2021-09	Third Party Advisory
56	https://www.tenable.com/security/tns-2021-09	Third Party Advisory
57	https://www.tenable.com/security/tns-2021-10	Third Party Advisory
58	https://www.tenable.com/security/tns-2021-10	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html

JVN Vulnerability Information

OpenSSL における NULL ポインタデリファレンスに関する脆弱性

Title	OpenSSL における NULL ポインタデリファレンスに関する脆弱性
Summary	OpenSSL には、TLSv1.2 および再ネゴシエーションが有効になっている場合、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	クライアントから悪意を持って巧妙に細工された再ネゴシエーション ClientHello メッセージを送信されることで、クラッシュおよびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 25, 2021, midnight
Registration Date	May 6, 2021, 5:03 p.m.
Last Update	Sept. 13, 2021, 4:43 p.m.

Affected System

チェック・ポイント・ソフトウェア・テクノロジーズ

Multi-Domain Management ファームウェア

Quantum Security Gateway ファームウェア

Quantum Security Management ファームウェア

OpenSSL Project

OpenSSL 1.1.1 から 1.1.1j

日立

Hitachi Ops Center Analyzer viewpoint (海外販売のみ)

Hitachi Ops Center Common Services (海外販売のみ)

JP1/Base

JP1/File Transmission Server/FTP

マカフィー

McAfee Web Gateway ソフトウェア

Web Gateway Cloud Service

Debian

Debian GNU/Linux

FreeBSD

Fedora Project

Fedora

NetApp

Cloud Volumes ONTAP メディエータ

E-Series Performance Analyzer

OnCommand Workflow Automation

ONTAP Select Deploy administration utility

SANtricity SMI-S Provider

StorageGRID

Tenable, Inc.

Nessus

Tenable.Sc

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-3449	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
National Vulnerability Database (NVD)
2	CVE-2021-3449	https://nvd.nist.gov/vuln/detail/CVE-2021-3449

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
Check Point
1	Top Page	https://www.checkpoint.com/
Debian Security Advisory
2	DSA-4875-1	https://www.debian.org/security/2021/dsa-4875
Fedora Update Notification
3	FEDORA-2021-cbf14ab8f9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
FreeBSD Security Advisory
4	FreeBSD-SA-21:07.openssl	https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc
Git
5	ssl sigalg extension: fix NULL pointer dereference	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
Hitachi Software Vulnerability Information
6	hitachi-sec-2021-117	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-117/index.html
7	hitachi-sec-2021-119	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-119/index.html
8	hitachi-sec-2021-130	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-130/index.html
McAfee Security Bulletin
9	SB10356	https://kc.mcafee.com/corporate/index?page=content&id=SB10356
NetApp Advisory
10	NTAP-20210326-0006	https://security.netapp.com/advisory/ntap-20210326-0006/
OpenSSL Security Advisory
11	NULL pointer deref in signature_algorithms processing (CVE-2021-3449)	https://www.openssl.org/news/secadv/20210325.txt
Tenable Network Security
12	TNS-2021-05	https://www.tenable.com/security/tns-2021-05
13	TNS-2021-06	https://www.tenable.com/security/tns-2021-06
ソフトウェア製品セキュリティ情報
14	hitachi-sec-2021-117	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-117/index.html
15	hitachi-sec-2021-119	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-119/index.html
16	hitachi-sec-2021-130	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-130/index.html

その他

No	Name	URL
JVN
1	JVNVU#92126369	https://jvn.jp/vu/JVNVU92126369/

Change Log

No	Changed Details	Date of change
1	[2021年05月06日] 掲載	May 6, 2021, 5:03 p.m.
2	[2021年05月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (hitachi-sec-2021-117) を追加ベンダ情報：日立 (hitachi-sec-2021-119) を追加	Sept. 13, 2021, 4:42 p.m.
3	[2021年09月13日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (hitachi-sec-2021-130) を追加	Sept. 13, 2021, 4:43 p.m.

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
cpe:2.3:a:netapp:snapcenter:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:storagegrid:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
cpe:2.3:a:netapp:e-series_performance_analyzer:-:::::::*

Configuration7	or higher	or less	more than	less than
cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:::::::*
cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:::::::*
cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:::::::*
cpe:2.3:a:mcafee:web_gateway:10.1.1:::::::*
cpe:2.3:a:mcafee:web_gateway:9.2.10:::::::*
cpe:2.3:a:mcafee:web_gateway:8.2.19:::::::*

Configuration11	or higher	or less	more than	less than
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7	17.12
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.6:::::::*
cpe:2.3:a:oracle:graalvm:20.3.1.2::::enterprise:::
cpe:2.3:a:oracle:graalvm:21.0.0.2::::enterprise:::
cpe:2.3:a:oracle:graalvm:19.3.5::::enterprise:::
cpe:2.3:a:oracle:mysql_server::::::::	8.0.15	8.0.23
cpe:2.3:a:oracle:mysql_server::::::::		5.7.33
cpe:2.3:a:oracle:mysql_workbench::::::::		8.0.23
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
cpe:2.3:a:oracle:essbase:21.2:::::::*
cpe:2.3:a:oracle:mysql_connectors::::::::		8.0.23
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::				9.2.6.0
cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
cpe:2.3:a:oracle:secure_backup::::::::				18.1.0.1.0
cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:::::::*