An advisory for two high-severity flaws has been issued by the OpenSSL project.

The high-severity vulnerabilities are tracked as CVE-2021-3449 and CVE-2021-3450 and are lurking in various products OpenSSL. OpenSSL is a majorly used software library. It is used to build networking applications and servers that are required to establish secure communications. The flaws entail: 8/0

• CVE-2021-3449: A Denial of Service (DoS) vulnerability due to NULL pointer dereferencing which only negatively affects OpenSSL server instances and not the clients.
• CVE-2021-3450: An improper Certificate Authority (CA) certificate validation flaw which negatively impacts not only the server but also the client instances.

Interestingly just by sending a one-liner, the DoS vulnerability can be actually fixed. The DoS flaw in the OpenSSL TLS server can actually prompt the server to crash, if in case, during the time of renegotiation, the client sends a rogue ClientHello text message.

"If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature algorithms cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack," informs the advisory.

The flaw only negatively affects OpenSSL servers that are executing versions between 1.1.1 and 1.1.1j (including both of these). Both these have TLSv1.2 and also renegotiation enabled. Several active servers could be potentially prone to attack because this is the default configuration on such OpenSSL server versions. However, the OpenSSL clients are not negatively affected.

The DoS bug was fortunately fixed by a one-liner, which entailed setting the peer_sigalgslen to zero. Image: One line fix for NULL pointer issue leading to DoS, CVE-2021-3449 Source: GitHub

Engineers Peter Kästle and Samuel Sapalski of Nokia have discovered the flaw.

The Certificate Authority (CA) certificate validation bypass flaw, CVE-2021-3450, has to do with the X509_V_FLAG_X509_STRICT flag.

The OpenSSL uses this flag to disallow the use of workarounds for broken certificates as well as strictly needs that certificates be corroborated against X509 rules. Still, owing to a regression bug, OpenSSL versions 1.1.1h and above (but excluding the fixed release 1.1.1k) are negatively impacted by this flaw, because this flag is not set by default.

"Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check."

"An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten," mentions the advisory.

signature_algorithms_cert signature_algorithms_cert signature_algorithms_cert