The OpenSSL project issued a security advisory on 25 March 2021 detailing two high-severity vulnerabilities:
CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
Summary: An error in the implementation of security checks enabled by the
X509_V_FLAG_X509_STRICT flag “meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.”
This issue only affects applications that explicitly set the
X509_V_FLAG_X509_STRICT flag (not set by default) and “either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.”
This vulnerability affects OpenSSL verions 1.1.1h and newer, and users of these versions should upgrade to version 1.1.1k.
NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
Summary: This vulnerability allows an attacker to crash an OpenSSL TLS server by sending a maliciously crafted ClientHello message: “If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.”
A server is vulnerable if it has TLSv1.2 and renegotiation enabled, the default configuration. All OpenSSL 1.1.1 versions are affected by this issue, and users of these versions should upgrade to version 1.1.1k.