Denial of Service : OpenSSL: Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.145403

Categoría: Denial of Service

Título: OpenSSL: Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) - Linux

Resumen: OpenSSL is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
OpenSSL is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
However it fails to correctly handle any errors that may occur while parsing the issuer field (which might
occur if the issuer field is maliciously constructed).

Vulnerability Impact:
This vulnerability may subsequently result in a NULL pointer deref and a
crash leading to a potential denial of service attack.

Affected Software/OS:
OpenSSL version 1.0.2x and prior and 1.1.1i and prior.

Solution:
Update to version 1.0.2y, 1.1.1j or later. See the references for
more details.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-23841
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://security.netapp.com/advisory/ntap-20210219-0009/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://support.apple.com/kb/HT212528
https://support.apple.com/kb/HT212529
https://support.apple.com/kb/HT212534
https://www.openssl.org/news/secadv/20210216.txt
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
Debian Security Information: DSA-4855 (Google Search)
https://www.debian.org/security/2021/dsa-4855
http://seclists.org/fulldisclosure/2021/May/67
http://seclists.org/fulldisclosure/2021/May/70
http://seclists.org/fulldisclosure/2021/May/68
https://security.gentoo.org/glsa/202103-03
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.145403
Categoría:	Denial of Service
Título:	OpenSSL: Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) - Linux
Resumen:	OpenSSL is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). Vulnerability Impact: This vulnerability may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. Affected Software/OS: OpenSSL version 1.0.2x and prior and 1.1.1i and prior. Solution: Update to version 1.0.2y, 1.1.1j or later. See the references for more details. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-23841 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 https://security.netapp.com/advisory/ntap-20210219-0009/ https://security.netapp.com/advisory/ntap-20210513-0002/ https://support.apple.com/kb/HT212528 https://support.apple.com/kb/HT212529 https://support.apple.com/kb/HT212534 https://www.openssl.org/news/secadv/20210216.txt https://www.tenable.com/security/tns-2021-03 https://www.tenable.com/security/tns-2021-09 Debian Security Information: DSA-4855 (Google Search) https://www.debian.org/security/2021/dsa-4855 http://seclists.org/fulldisclosure/2021/May/67 http://seclists.org/fulldisclosure/2021/May/70 http://seclists.org/fulldisclosure/2021/May/68 https://security.gentoo.org/glsa/202103-03 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpuoct2021.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH