CVE-2021-23841

Published on: 02/16/2021 12:00:00 AM UTC

Last Modified on: 10/20/2021 11:16:00 AM UTC

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of iPadOS from Apple contain the following vulnerability:

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.

The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.

OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

  • CVE-2021-23841 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)
  • Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • April 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security (security.netapp.com) - CONFIRM security.netapp.com/advisory/ntap-20210513-0002/
  • Public KB - SA44846 - OpenSSL Security Advisory CVE-2021-23841 (kb.pulsesecure.net) - CONFIRM kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
  • About the security content of macOS Big Sur 11.4 - Apple Support (support.apple.com) - CONFIRM support.apple.com/kb/HT212529
  • Oracle Critical Patch Update Advisory - July 2021 (www.oracle.com) - MISC www.oracle.com//security-alerts/cpujul2021.html
  • About the security content of iOS 14.6 and iPadOS 14.6 - Apple Support (support.apple.com) - CONFIRM support.apple.com/kb/HT212528
  • OpenSSL: Multiple vulnerabilities (GLSA 202103-03) — Gentoo security (security.gentoo.org) - GENTOO GLSA-202103-03
  • Oracle Critical Patch Update Advisory - October 2021 (www.oracle.com) - MISC www.oracle.com/security-alerts/cpuoct2021.html
  • [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® (www.tenable.com) - CONFIRM www.tenable.com/security/tns-2021-09
  • About the security content of Safari 14.1.1 - Apple Support (support.apple.com) - CONFIRM support.apple.com/kb/HT212534
  • [R1] Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0 - Security Advisory | Tenable® (www.tenable.com) [Third Party Advisory] - CONFIRM www.tenable.com/security/tns-2021-03
  • Full Disclosure: APPLE-SA-2021-05-25-5 Safari 14.1.1 (seclists.org) - FULLDISC 20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1
  • git.openssl.org Git - openssl.git/commitdiff (git.openssl.org) [Vendor Advisory; Inactive Link; Not Archived] - CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
  • Full Disclosure: APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 (seclists.org) - FULLDISC 20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6
  • February 2021 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security (security.netapp.com) [Third Party Advisory] - CONFIRM security.netapp.com/advisory/ntap-20210219-0009/
  • git.openssl.org Git - openssl.git/commitdiff (git.openssl.org) [Patch; Vendor Advisory] - CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
  • Full Disclosure: APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 (seclists.org) - FULLDISC 20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
  • (www.openssl.org) [Vendor Advisory] - CONFIRM www.openssl.org/news/secadv/20210216.txt
  • Oracle Critical Patch Update Advisory - April 2021 (www.oracle.com) - MISC www.oracle.com/security-alerts/cpuApr2021.html
  • Debian -- Security Information -- DSA-4855-1 openssl (www.debian.org) [Third Party Advisory; Depreciated Link] - DEBIAN DSA-4855

Related QID Numbers

  • 159414 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-3798)
  • 159423 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9478)
  • 174786 SUSE Enterprise Linux Security update for openssl-1_1 (SUSE-SU-2021:0754-1)
  • 174789 SUSE Enterprise Linux Security update for openssl-1_0_0 (SUSE-SU-2021:0769-1)
  • 174794 SUSE Enterprise Linux Security update for compat-openssl098 (SUSE-SU-2021:0793-1)
  • 174839 SUSE Enterprise Linux Security update for openssl (SUSE-SU-2021:0939-1)
  • 174858 SUSE Enterprise Linux Security update for openssl (SUSE-SU-2021:0939-1)
  • 20221 Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021)
  • 239678 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:3798)
  • 296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
  • 330081 IBM AIX Multiple Vulnerabilities in Openssl (openssl_advisory33)
  • 352246 Amazon Linux Security Advisory for openssl11: ALAS2-2021-1612
  • 352296 Amazon Linux Security Update for Open Secure Sockets Layer (OpenSSL): AL2012-2021-339
  • 375587 Apple Safari Multiple Vulnerabilities (HT212534)
  • 375588 Apple MacOS Big Sur 11.4 Not Installed (HT212529)
  • 38845 Pulse Connect Secure and Pulse Policy Secure Multiple Vulnerabilities (SA44846)
  • 610342 Apple iOS 14.6 and iPadOS 14.6 Security Update Missing
  • 670250 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL098e) (EulerOS-SA-2021-1826)
  • 670251 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1825)
  • 670315 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL11d) (EulerOS-SA-2021-1909)
  • 670316 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL098e) (EulerOS-SA-2021-1908)
  • 670317 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1907)
  • 670342 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1882)
  • 670369 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1956)
  • 670390 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1935)
  • 670658 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2416)
  • 670659 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) openssl098e (EulerOS-SA-2021-2417)
  • 670660 EulerOS Security Update for Open Secure Sockets Layer110f (openssl110f) (EulerOS-SA-2021-2418)
  • 670698 EulerOS Security Update for compat-openssl10 (EulerOS-SA-2021-2456)
  • 670784 EulerOS Security Update for shim (EulerOS-SA-2021-2542)
  • 670808 EulerOS Security Update for shim (EulerOS-SA-2021-2566)
  • 710009 Gentoo Linux OpenSSL Multiple Vulnerabilities (GLSA 202103-03)
  • 730228 McAfee Web Gateway Multiple Vulnerabilities (WP-3445, WP-3483, WP-3527, WP-3528, WP-3547, WP-3584,WP-3589,WP-3611)
  • 750308 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2021:0430-1)
  • 750310 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:0427-1)

Exploit/POC from Github

PoC for exploiting CVE-2021-23841

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Apple | Ipad Os | All | All | All | All
Operating System | Apple | Iphone Os | All | All | All | All
Operating System | Apple | Macos | All | All | All | All
Application | Apple | Safari | All | All | All | All
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Application | Netapp | Oncommand Insight | - | All | All | All
Application | Netapp | Oncommand Workflow Automation | - | All | All | All
Application | Netapp | Snapcenter | - | All | All | All
Application | Openssl | Openssl | All | All | All | All
Application | Openssl | Openssl | All | All | All | All
Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All
Application | Oracle | Graalvm | 19.3.5 | All | All | All
Application | Oracle | Graalvm | 20.3.1.2 | All | All | All
Application | Oracle | Graalvm | 21.0.0.2 | All | All | All
Application | Oracle | Mysql Enterprise Monitor | All | All | All | All
Application | Oracle | Mysql Server | All | All | All | All
Application | Tenable | Nessus Network Monitor | 5.11.0 | All | All | All
Application | Tenable | Nessus Network Monitor | 5.11.1 | All | All | All
Application | Tenable | Nessus Network Monitor | 5.12.0 | All | All | All
Application | Tenable | Nessus Network Monitor | 5.12.1 | All | All | All
Application | Tenable | Nessus Network Monitor | 5.13.0 | All | All | All
Application | Tenable | Tenable.sc | All | All | All | All

  • cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Discovery Credit

Tavis Ormandy (Google)

Social Mentions

  • Twitter - @nae2sho: Command-line-only mail sending app SMAIL v4.28: upgraded the library to openSSL 1.1.1k and addressed the vulnerabilities. (CVE-2021-23841, CVE-2021-23840) *This app is GMA… twitter.com/i/web/status/1… (posted 2021-04-03 01:34:12 UTC)
  • Twitter - @kai_ri_0001: The firmware for the AXIS M3058 and P3807-PVE is now 10.5, and apparently "OpenSSL upgraded to 1.1.1j to fix CVE-2021-23841 and CVE-2021-23840." (posted 2021-05-21 10:08:42 UTC)
  • Reddit - /r/synology: SRM 1.2.5 Released; up to 47% increase in SSL VPN performance (posted 2021-05-11 18:51:58 UTC)
  • Reddit - /r/unifi_versions: UniFi OS - Dream Machines 1.10.0 (posted 2021-07-09 07:50:12 UTC)