cnvd - cnvd-2021-101997

cnvd-2021-101997

Vulnerability from cnvd

Title: OpenSSL内存错误漏洞

Description:

OpenSSL是一个强大的安全套接字层密码库，其囊括了目前主流的密码算法，常用的密钥，证书封装管理功能以及SSL协议，并提供丰富的应用程序供测试戒其它目的使用。libssl实现了SSL v2/v3和TLS v1协议。

OpenSSL 3.0.0版本中存在内存错误漏洞。该漏洞是由于libssl调用X509_verify_cert()函数来验证服务器提供的证书时，被OpenSSL错误处理。攻击者可以利用该漏洞导致程序无法正确运行，例如可能会导致崩溃、无限循环或其他类似的错误响应。

Severity: 中

Patch Name: OpenSSL内存错误漏洞的补丁

Patch Description:

OpenSSL 3.0.0版本中存在内存错误漏洞。该漏洞是由于libssl调用X509_verify_cert()函数来验证服务器提供的证书时，被OpenSSL错误处理。攻击者可以利用该漏洞导致程序无法正确运行，例如可能会导致崩溃、无限循环或其他类似的错误响应。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.openssl.org/news/secadv/20211214.txt

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-4044

Impacted products

Name
OpenSSL Project OpenSSL 3.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-4044",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044"
    }
  },
  "description": "OpenSSL\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5b89\u5168\u5957\u63a5\u5b57\u5c42\u5bc6\u7801\u5e93\uff0c\u5176\u56ca\u62ec\u4e86\u76ee\u524d\u4e3b\u6d41\u7684\u5bc6\u7801\u7b97\u6cd5\uff0c\u5e38\u7528\u7684\u5bc6\u94a5\uff0c\u8bc1\u4e66\u5c01\u88c5\u7ba1\u7406\u529f\u80fd\u4ee5\u53caSSL\u534f\u8bae\uff0c\u5e76\u63d0\u4f9b\u4e30\u5bcc\u7684\u5e94\u7528\u7a0b\u5e8f\u4f9b\u6d4b\u8bd5\u6212\u5176\u5b83\u76ee\u7684\u4f7f\u7528\u3002libssl\u5b9e\u73b0\u4e86SSL v2/v3\u548cTLS v1\u534f\u8bae\u3002\n\nOpenSSL 3.0.0\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8elibssl\u8c03\u7528X509_verify_cert()\u51fd\u6570\u6765\u9a8c\u8bc1\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u8bc1\u4e66\u65f6\uff0c\u88abOpenSSL\u9519\u8bef\u5904\u7406\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7a0b\u5e8f\u65e0\u6cd5\u6b63\u786e\u8fd0\u884c\uff0c\u4f8b\u5982\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5d29\u6e83\u3001\u65e0\u9650\u5faa\u73af\u6216\u5176\u4ed6\u7c7b\u4f3c\u7684\u9519\u8bef\u54cd\u5e94\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.openssl.org/news/secadv/20211214.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-101997",
  "openTime": "2021-12-24",
  "patchDescription": "OpenSSL\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5b89\u5168\u5957\u63a5\u5b57\u5c42\u5bc6\u7801\u5e93\uff0c\u5176\u56ca\u62ec\u4e86\u76ee\u524d\u4e3b\u6d41\u7684\u5bc6\u7801\u7b97\u6cd5\uff0c\u5e38\u7528\u7684\u5bc6\u94a5\uff0c\u8bc1\u4e66\u5c01\u88c5\u7ba1\u7406\u529f\u80fd\u4ee5\u53caSSL\u534f\u8bae\uff0c\u5e76\u63d0\u4f9b\u4e30\u5bcc\u7684\u5e94\u7528\u7a0b\u5e8f\u4f9b\u6d4b\u8bd5\u6212\u5176\u5b83\u76ee\u7684\u4f7f\u7528\u3002libssl\u5b9e\u73b0\u4e86SSL v2/v3\u548cTLS v1\u534f\u8bae\u3002\r\n\r\nOpenSSL 3.0.0\u7248\u672c\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8elibssl\u8c03\u7528X509_verify_cert()\u51fd\u6570\u6765\u9a8c\u8bc1\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u8bc1\u4e66\u65f6\uff0c\u88abOpenSSL\u9519\u8bef\u5904\u7406\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7a0b\u5e8f\u65e0\u6cd5\u6b63\u786e\u8fd0\u884c\uff0c\u4f8b\u5982\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5d29\u6e83\u3001\u65e0\u9650\u5faa\u73af\u6216\u5176\u4ed6\u7c7b\u4f3c\u7684\u9519\u8bef\u54cd\u5e94\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenSSL\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "OpenSSL Project OpenSSL 3.0.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
  "serverity": "\u4e2d",
  "submitTime": "2021-12-17",
  "title": "OpenSSL\u5185\u5b58\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-4044 (GCVE-0-2021-4044)

Vulnerability from cvelistv5

Published

2021-12-14 18:40

Modified

2024-09-17 03:17

Severity ?

CWE

Invalid error handling

Summary

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20211214.txt	x_refsource_CONFIRM
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20211229-0003/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 3.0.1 (Affected 3.0.0)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:03.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20211214.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tobias Nie\u00dfen"
        }
      ],
      "datePublic": "2021-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Invalid error handling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-29T20:06:26",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20211214.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
        }
      ],
      "title": "Invalid handling of X509_verify_cert() internal errors in libssl",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2021-12-14",
          "ID": "CVE-2021-4044",
          "STATE": "PUBLIC",
          "TITLE": "Invalid handling of X509_verify_cert() internal errors in libssl"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 3.0.1 (Affected 3.0.0)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tobias Nie\u00dfen"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Invalid error handling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssl.org/news/secadv/20211214.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20211214.txt"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211229-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211229-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-4044",
    "datePublished": "2021-12-14T18:40:11.901374Z",
    "dateReserved": "2021-12-02T00:00:00",
    "dateUpdated": "2024-09-17T03:17:39.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted