cnvd - cnvd-2021-14754

cnvd-2021-14754

Vulnerability from cnvd

Title: OpenSSL输入验证错误漏洞

Description:

OpenSSL是用于传输层安全性（TLS）和安全套接字层（SSL）协议的功能强大的，商业级且功能齐全的工具包。它也是一个通用密码库。

OpenSSL public API 存在输入验证错误漏洞，该漏洞源于X509_issuer_and_serial_hash函数不能正确处理解析issuer字段时可能发生的任何错误。目前没有详细的漏洞细节提供。

Severity: 中

Patch Name: OpenSSL输入验证错误漏洞的补丁

Patch Description:

OpenSSL是用于传输层安全性（TLS）和安全套接字层（SSL）协议的功能强大的，商业级且功能齐全的工具包。它也是一个通用密码库。

OpenSSL public API 存在输入验证错误漏洞，该漏洞源于X509_issuer_and_serial_hash函数不能正确处理解析issuer字段时可能发生的任何错误。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.openssl.org/news/secadv/20210216.txt

Reference: https://www.debian.org/security/2021/dsa-4855; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947949; https://security-tracker.debian.org/tracker/CVE-2019-1551; https://security-tracker.debian.org/tracker/CVE-2021-23840; https://security-tracker.debian.org/tracker/CVE-2021-23841

Impacted products

Name
OpenSSL Project OpenSSL 无

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23841",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841"
    }
  },
  "description": "OpenSSL\u662f\u7528\u4e8e\u4f20\u8f93\u5c42\u5b89\u5168\u6027\uff08TLS\uff09\u548c\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff08SSL\uff09\u534f\u8bae\u7684\u529f\u80fd\u5f3a\u5927\u7684\uff0c\u5546\u4e1a\u7ea7\u4e14\u529f\u80fd\u9f50\u5168\u7684\u5de5\u5177\u5305\u3002\u5b83\u4e5f\u662f\u4e00\u4e2a\u901a\u7528\u5bc6\u7801\u5e93\u3002\n\nOpenSSL public API \u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eX509_issuer_and_serial_hash\u51fd\u6570\u4e0d\u80fd\u6b63\u786e\u5904\u7406\u89e3\u6790issuer\u5b57\u6bb5\u65f6\u53ef\u80fd\u53d1\u751f\u7684\u4efb\u4f55\u9519\u8bef\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.openssl.org/news/secadv/20210216.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-14754",
  "openTime": "2021-03-05",
  "patchDescription": "OpenSSL\u662f\u7528\u4e8e\u4f20\u8f93\u5c42\u5b89\u5168\u6027\uff08TLS\uff09\u548c\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff08SSL\uff09\u534f\u8bae\u7684\u529f\u80fd\u5f3a\u5927\u7684\uff0c\u5546\u4e1a\u7ea7\u4e14\u529f\u80fd\u9f50\u5168\u7684\u5de5\u5177\u5305\u3002\u5b83\u4e5f\u662f\u4e00\u4e2a\u901a\u7528\u5bc6\u7801\u5e93\u3002\r\n\r\nOpenSSL public API \u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eX509_issuer_and_serial_hash\u51fd\u6570\u4e0d\u80fd\u6b63\u786e\u5904\u7406\u89e3\u6790issuer\u5b57\u6bb5\u65f6\u53ef\u80fd\u53d1\u751f\u7684\u4efb\u4f55\u9519\u8bef\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenSSL\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "OpenSSL Project OpenSSL \u65e0"
  },
  "referenceLink": "https://www.debian.org/security/2021/dsa-4855; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947949; https://security-tracker.debian.org/tracker/CVE-2019-1551; https://security-tracker.debian.org/tracker/CVE-2021-23840; https://security-tracker.debian.org/tracker/CVE-2021-23841",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-04",
  "title": "OpenSSL\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-23841 (GCVE-0-2021-23841)

Vulnerability from cvelistv5

Published

2021-02-16 16:55

Modified

2024-09-16 22:39

Severity ?

CWE

NULL pointer dereference

Summary

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20210216.txt
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
	https://www.debian.org/security/2021/dsa-4855	vendor-advisory
	https://security.gentoo.org/glsa/202103-03	vendor-advisory
	http://seclists.org/fulldisclosure/2021/May/70	mailing-list
	http://seclists.org/fulldisclosure/2021/May/68	mailing-list
	http://seclists.org/fulldisclosure/2021/May/67	mailing-list
	https://www.oracle.com/security-alerts/cpuApr2021.html
	https://www.tenable.com/security/tns-2021-09
	https://security.netapp.com/advisory/ntap-20210513-0002/
	https://security.netapp.com/advisory/ntap-20210219-0009/
	https://www.tenable.com/security/tns-2021-03
	https://support.apple.com/kb/HT212529
	https://support.apple.com/kb/HT212528
	https://support.apple.com/kb/HT212534
	https://www.oracle.com//security-alerts/cpujul2021.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i) Version: Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-23841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T20:18:08.118870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T20:18:17.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210216.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
          },
          {
            "name": "DSA-4855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4855"
          },
          {
            "name": "GLSA-202103-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202103-03"
          },
          {
            "name": "20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/May/70"
          },
          {
            "name": "20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/May/68"
          },
          {
            "name": "20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/May/67"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212529"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212528"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212534"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tavis Ormandy (Google)"
        }
      ],
      "datePublic": "2021-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NULL pointer dereference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:57.206585",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210216.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
        },
        {
          "name": "DSA-4855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4855"
        },
        {
          "name": "GLSA-202103-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202103-03"
        },
        {
          "name": "20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/May/70"
        },
        {
          "name": "20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/May/68"
        },
        {
          "name": "20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/May/67"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-03"
        },
        {
          "url": "https://support.apple.com/kb/HT212529"
        },
        {
          "url": "https://support.apple.com/kb/HT212528"
        },
        {
          "url": "https://support.apple.com/kb/HT212534"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Null pointer deref in X509_issuer_and_serial_hash()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-23841",
    "datePublished": "2021-02-16T16:55:18.817258Z",
    "dateReserved": "2021-01-12T00:00:00",
    "dateUpdated": "2024-09-16T22:39:57.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted