CVE-2021-3449 in Visual Studio
Summary
by MITRE • 03/25/2021
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/03/2025
This vulnerability represents a critical denial of service flaw in OpenSSL's TLS implementation that specifically targets server-side components during the renegotiation process. The issue stems from improper handling of malformed ClientHello messages during TLSv1.2 renegotiation sequences where the server fails to properly validate extension presence and consistency. The vulnerability is classified as a NULL pointer dereference under specific conditions, making it particularly dangerous as it can be exploited remotely without authentication. According to CWE-476, this represents a NULL pointer dereference vulnerability that occurs when a program attempts to access memory through a null pointer reference, leading to immediate system termination.
The technical exploitation mechanism involves a carefully crafted ClientHello message that omits the signature_algorithms extension from the renegotiation handshake while simultaneously including the signature_algorithms_cert extension. This creates a state where the server's internal processing logic attempts to dereference a NULL pointer when it expects valid extension data to be present. The vulnerability is particularly insidious because it requires the server to have both TLSv1.2 support and renegotiation enabled, which are both enabled by default in affected OpenSSL versions. This configuration creates a perfect storm where legitimate TLS connections can be disrupted through simple malformed handshake messages.
From an operational impact perspective, this vulnerability directly maps to the MITRE ATT&CK technique T1499.004, which involves network denial of service attacks. The vulnerability enables an attacker to perform a remote denial of service against OpenSSL servers, potentially disrupting critical services such as web servers, email servers, or any application relying on TLS encryption. The attack is particularly effective because it requires minimal resources to execute and can be automated at scale, making it a preferred method for disrupting services without requiring complex exploitation techniques. The vulnerability affects all OpenSSL 1.1.1 versions between 1.1.1 and 1.1.1j, creating a wide attack surface across numerous deployments.
The mitigation strategy centers around upgrading to OpenSSL version 1.1.1k, which includes a patch that properly validates the presence and consistency of signature_algorithms and signature_algorithms_cert extensions during renegotiation. This patch implements proper NULL pointer checks and extension validation logic to prevent the crash condition. Organizations should also consider implementing network-level protections such as rate limiting and connection monitoring to detect and prevent exploitation attempts. The vulnerability does not affect OpenSSL 1.0.2 versions, which implement different renegotiation handling logic, but this also means that organizations using older versions may not be immediately impacted while still remaining at risk for other vulnerabilities. System administrators should also review their TLS configurations to ensure that renegotiation is disabled where not strictly required, as this removes the attack vector entirely. The fix addresses the core issue by ensuring that extension validation occurs before any pointer dereference operations, preventing the NULL pointer dereference that leads to the crash condition.