Forwarded from MiaoTony's Box (MiaoTony)
#今天又看了啥 #安全 #openssl
NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
一个拒绝服务漏洞,由空指针引用错误引起。对于默认配置下使用 OpenSSL 的软件,恶意构造的请求可以让服务端崩溃。
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). 受影响范围 1.1.1+
CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
受影响范围 1.1.1h+
OpenSSL 1.1.1k 修复了上述漏洞
See also:
OpenSSL Security Advisory [25 March 2021]
OpenSSL fixes high-severity flaw that allows hackers to crash servers
NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
一个拒绝服务漏洞,由空指针引用错误引起。对于默认配置下使用 OpenSSL 的软件,恶意构造的请求可以让服务端崩溃。
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). 受影响范围 1.1.1+
CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
受影响范围 1.1.1h+
OpenSSL 1.1.1k 修复了上述漏洞
See also:
OpenSSL Security Advisory [25 March 2021]
OpenSSL fixes high-severity flaw that allows hackers to crash servers
cve.mitre.org
CVE -
CVE-2021-3449
CVE-2021-3449
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.