RUSTSEC-2021-0055

NULL pointer deref in signature_algorithms processing

Issued
Package
openssl-src (crates.io)
Type
Vulnerability
Categories
  • denial-of-service
Aliases
Details
https://www.openssl.org/news/secadv/20210325.txt
Patched
  • >=111.15

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack.

A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue.
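The patched range above (openssl-src >=111.15) is what a dependency audit has to check for. The following is an added example, not code from the RustSec project or from openssl-src, showing how such a check can be done against a Cargo.lock: it scans every `[[package]]` entry, picks out `openssl-src`, and compares the leading `major.minor` of its version (openssl-src versions look like `111.14.0+1.1.1j`, where the part after `+` is build metadata naming the bundled OpenSSL release) against 111.15. The embedded lock-file excerpt and its version strings are constructed for the example. In practice `cargo audit` performs this comparison against the whole RustSec database; this block only illustrates the rule for this one advisory.

```rust
// Constructed sample Cargo.lock excerpt (not taken from any real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "openssl-sys"
version = "0.9.61"

[[package]]
name = "openssl-src"
version = "111.14.0+1.1.1j"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

/// First openssl-src version that carries the fix, per the advisory (>=111.15).
const PATCHED: (u64, u64) = (111, 15);

/// Parse the leading `major.minor` of an openssl-src version string such as
/// "111.14.0+1.1.1j". Anything after '+' is build metadata and is ignored.
/// Returns None for strings that do not start with two numeric components.
fn major_minor(version: &str) -> Option<(u64, u64)> {
    let core = version.split('+').next()?;
    let mut parts = core.split('.');
    let major = parts.next()?.parse().ok()?;
    let minor = parts.next()?.parse().ok()?;
    Some((major, minor))
}

/// True when the version is at or above the patched range.
/// Unparseable versions are treated as NOT patched, so an odd version
/// string fails closed rather than silently passing the audit.
fn is_patched(version: &str) -> bool {
    match major_minor(version) {
        Some(mm) => mm >= PATCHED,
        None => false,
    }
}

/// Walk a Cargo.lock and return (version, patched?) for every openssl-src entry.
/// Cargo writes `name = ...` before `version = ...` inside each [[package]] block,
/// which is what this line-oriented scan relies on.
fn audit_lock(lock: &str) -> Vec<(String, bool)> {
    let mut out = Vec::new();
    let mut current_name: Option<String> = None;
    for raw in lock.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            current_name = None;
            continue;
        }
        if let Some(v) = line.strip_prefix("name = ") {
            current_name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if current_name.as_deref() == Some("openssl-src") {
                let ver = v.trim_matches('"').to_string();
                let ok = is_patched(&ver);
                out.push((ver, ok));
            }
        }
    }
    out
}

fn main() {
    for (ver, ok) in audit_lock(SAMPLE_LOCK) {
        let verdict = if ok { "patched" } else { "VULNERABLE (RUSTSEC-2021-0055)" };
        println!("openssl-src {ver}: {verdict}");
    }
}
```

The sample lock pins openssl-src 111.14.0, so the scan reports it as vulnerable; bumping the entry to a 111.15 or later version makes it pass. Note that the vulnerability only matters for binaries that actually link the vendored OpenSSL as a TLS server with TLSv1.2 and renegotiation enabled, but the lock-file check is the cheap first step before reasoning about runtime configuration.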
