The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification.
Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL 1.1.1 versions, CVE-2021-3450 impacts OpenSSL versions 1.1.1h and newer.
OpenSSL is a software library consisting of cryptographic functions that implement the Transport Layer Security protocol with the goal of securing communications sent over a computer network.
According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious "ClientHello" message during the handshake between the server and a user. The issue was introduced as part of changes dating back to January 2018.
"If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack," the advisory said.
Nokia, which has been credited with reporting the flaw on March 17, fixed the DoS bug with a one-line code change.
CVE-2021-3450, on the other hand, relates to an X509_V_FLAG_X509_STRICT flag that enables additional security checks of certificates present in a certificate chain. While this flag is not set by default, an error in the implementation meant that OpenSSL failed to check that "non-CA certificates must not be able to issue other certificates," resulting in a certificate bypass.
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
As a result, the flaw prevented apps from rejecting TLS certificates that aren't digitally signed by a browser-trusted certificate authority (CA).
"In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose," OpenSSL said.
Benjamin Kaduk from Akamai is said to have reported the issue to the project maintainers on March 18. The vulnerability was discovered by Xiang Ding and others at Akamai, with a fix put in place by former Red Hat principal software engineer and OpenSSL developer Tomáš Mráz.
Although neither of the issues affect OpenSSL 1.0.2, it's also worth noting that the version has been out of support since January 1, 2020, and is no longer receiving updates. Applications that rely on a vulnerable version of OpenSSL are advised to apply the patches to mitigate the risk associated with the flaws.