OpenSSL released fixes for two high-severity security flaws, tracked as CVE-2021-3449 and CVE-2021-3450. The CVE-2021-3449 affects all OpenSSL 1.1.1 versions and the CVE-2021-3450 affects OpenSSL versions 1.1.1h and newer. The updated version OpenSSL 1.1.1k addresses both vulnerabilities.
DDoS and certification bypass
CVE-2021-3450 flaw is related to an X509_V_FLAG_X509_STRICT flag. OpenSSL said,
“The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.”
CVE-2021-3449 flaw is caused by TLS server crashing due to a maliciously crafted renegotiation ClientHello message from a client. OpenSSL said,
“If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension, but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled.”