{"api_version":"1","generated_at":"2026-04-22T22:49:59+00:00","cve":"CVE-2021-23841","urls":{"html":"https://cve.report/CVE-2021-23841","api":"https://cve.report/api/cve/CVE-2021-23841.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23841","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23841"},"summary":{"title":"CVE-2021-23841","description":"The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).","state":"PUBLIC","assigner":"openssl-security@openssl.org","published_at":"2021-02-16 17:15:00","updated_at":"2023-11-07 03:30:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807","name":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807","refsource":"","tags":[],"title":"git.openssl.org Git","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf","name":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf","refsource":"","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20210513-0002/","name":"https://security.netapp.com/advisory/ntap-20210513-0002/","refsource":"CONFIRM","tags":[],"title":"April 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","refsource":"CONFIRM","tags":[],"title":"Public KB - SA44846 - OpenSSL Security Advisory CVE-2021-23841","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212529","name":"https://support.apple.com/kb/HT212529","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Big Sur 11.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212528","name":"https://support.apple.com/kb/HT212528","refsource":"CONFIRM","tags":[],"title":"About the security content of iOS 14.6 and iPadOS 14.6 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202103-03","name":"GLSA-202103-03","refsource":"GENTOO","tags":[],"title":"OpenSSL: Multiple vulnerabilities (GLSA 202103-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.tenable.com/security/tns-2021-09","name":"https://www.tenable.com/security/tns-2021-09","refsource":"CONFIRM","tags":[],"title":"[R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT212534","name":"https://support.apple.com/kb/HT212534","refsource":"CONFIRM","tags":[],"title":"About the security content of Safari 14.1.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.tenable.com/security/tns-2021-03","name":"https://www.tenable.com/security/tns-2021-03","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"[R1] Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0 - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2021/May/68","name":"20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-05-25-5 Safari 14.1.1","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2021/May/67","name":"20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210219-0009/","name":"https://security.netapp.com/advisory/ntap-20210219-0009/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"February 2021 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2021/May/70","name":"20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-05-25-2 macOS Big Sur 11.4","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.openssl.org/news/secadv/20210216.txt","name":"https://www.openssl.org/news/secadv/20210216.txt","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4855","name":"DSA-4855","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4855-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23841","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23841","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Tavis Ormandy (Google)","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipad_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"business_intelligence","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"business_intelligence","cpe6":"12.2.1.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"business_intelligence","cpe6":"5.5.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"business_intelligence","cpe6":"5.9.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_policy","cpe6":"1.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_for_storage_management","cpe6":"13.4.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_ops_center","cpe6":"12.4.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"essbase","cpe6":"21.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"graalvm","cpe6":"19.3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"graalvm","cpe6":"20.3.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"graalvm","cpe6":"21.0.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jd_edwards_world_security","cpe6":"a9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_enterprise_monitor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise_peopletools","cpe6":"8.57","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise_peopletools","cpe6":"8.58","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"peoplesoft_enterprise_peopletools","cpe6":"8.59","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"zfs_storage_appliance_kit","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"1.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"1.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"nessus_network_monitor","cpe6":"5.11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"nessus_network_monitor","cpe6":"5.11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"nessus_network_monitor","cpe6":"5.12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"nessus_network_monitor","cpe6":"5.12.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"nessus_network_monitor","cpe6":"5.13.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23841","vulnerable":"1","versionEndIncluding":"5.17.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"tenable.sc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-23841","qid":"159414","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-3798)"},{"cve":"CVE-2021-23841","qid":"159423","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9478)"},{"cve":"CVE-2021-23841","qid":"159438","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9528)"},{"cve":"CVE-2021-23841","qid":"159512","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-4424)"},{"cve":"CVE-2021-23841","qid":"159562","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9561)"},{"cve":"CVE-2021-23841","qid":"174786","title":"SUSE Enterprise Linux Security update for openssl-1_1 (SUSE-SU-2021:0754-1)"},{"cve":"CVE-2021-23841","qid":"174789","title":"SUSE Enterprise Linux Security update for openssl-1_0_0 (SUSE-SU-2021:0769-1)"},{"cve":"CVE-2021-23841","qid":"174794","title":"SUSE Enterprise Linux Security update for compat-openssl098 (SUSE-SU-2021:0793-1)"},{"cve":"CVE-2021-23841","qid":"174839","title":"SUSE Enterprise Linux Security update for openssl (SUSE-SU-2021:0939-1)"},{"cve":"CVE-2021-23841","qid":"174858","title":"SUSE Enterprise Linux Security update for openssl (SUSE-SU-2021:0939-1)"},{"cve":"CVE-2021-23841","qid":"179583","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23841)"},{"cve":"CVE-2021-23841","qid":"20221","title":"Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021)"},{"cve":"CVE-2021-23841","qid":"239678","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:3798)"},{"cve":"CVE-2021-23841","qid":"239793","title":"Red Hat Update for edk2 security (RHSA-2021:4198)"},{"cve":"CVE-2021-23841","qid":"239823","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:4424)"},{"cve":"CVE-2021-23841","qid":"239865","title":"Red Hat Update for red hat jboss core services apache Hypertext Transfer Protocol (HTTP) server 2.4.37 sp10 (RHSA-2021:4614)"},{"cve":"CVE-2021-23841","qid":"257128","title":"CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2021:3798)"},{"cve":"CVE-2021-23841","qid":"296053","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)"},{"cve":"CVE-2021-23841","qid":"296067","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)"},{"cve":"CVE-2021-23841","qid":"330081","title":"IBM AIX Multiple Vulnerabilities in Openssl (openssl_advisory33)"},{"cve":"CVE-2021-23841","qid":"352246","title":"Amazon Linux Security Advisory for openssl11: ALAS2-2021-1612"},{"cve":"CVE-2021-23841","qid":"352296","title":"Amazon Linux Security Update for Open Secure Sockets Layer (OpenSSL): AL2012-2021-339"},{"cve":"CVE-2021-23841","qid":"357333","title":"Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502"},{"cve":"CVE-2021-23841","qid":"375587","title":"Apple Safari Multiple Vulnerabilities (HT212534)"},{"cve":"CVE-2021-23841","qid":"375588","title":"Apple MacOS Big Sur 11.4 Not Installed (HT212529)"},{"cve":"CVE-2021-23841","qid":"377475","title":"Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2021:0056)"},{"cve":"CVE-2021-23841","qid":"379452","title":"IBM Cognos Analytics Multiple Vulnerabilities (7123154)"},{"cve":"CVE-2021-23841","qid":"38845","title":"Pulse Connect Secure and Pulse Policy Secure Multiple Vulnerabilities (SA44846)"},{"cve":"CVE-2021-23841","qid":"500497","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2021-23841","qid":"500565","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2021-23841","qid":"500764","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2021-23841","qid":"501164","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2021-23841","qid":"501983","title":"Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)"},{"cve":"CVE-2021-23841","qid":"502902","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2021-23841","qid":"504256","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2021-23841","qid":"591311","title":"Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)"},{"cve":"CVE-2021-23841","qid":"610342","title":"Apple iOS 14.6 and iPadOS 14.6 Security Update Missing"},{"cve":"CVE-2021-23841","qid":"670250","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL098e) (EulerOS-SA-2021-1826)"},{"cve":"CVE-2021-23841","qid":"670251","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1825)"},{"cve":"CVE-2021-23841","qid":"670315","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL11d) (EulerOS-SA-2021-1909)"},{"cve":"CVE-2021-23841","qid":"670316","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL098e) (EulerOS-SA-2021-1908)"},{"cve":"CVE-2021-23841","qid":"670317","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1907)"},{"cve":"CVE-2021-23841","qid":"670342","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1882)"},{"cve":"CVE-2021-23841","qid":"670369","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1956)"},{"cve":"CVE-2021-23841","qid":"670390","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1935)"},{"cve":"CVE-2021-23841","qid":"670658","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2416)"},{"cve":"CVE-2021-23841","qid":"670659","title":"EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) openssl098e (EulerOS-SA-2021-2417)"},{"cve":"CVE-2021-23841","qid":"670660","title":"EulerOS Security Update for Open Secure Sockets Layer110f (openssl110f) (EulerOS-SA-2021-2418)"},{"cve":"CVE-2021-23841","qid":"670698","title":"EulerOS Security Update for Compat-Open Secure Sockets Layer10 (compat-openssl10) (EulerOS-SA-2021-2456)"},{"cve":"CVE-2021-23841","qid":"670784","title":"EulerOS Security Update for shim (EulerOS-SA-2021-2542)"},{"cve":"CVE-2021-23841","qid":"670808","title":"EulerOS Security Update for shim (EulerOS-SA-2021-2566)"},{"cve":"CVE-2021-23841","qid":"690151","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (56ba4513-a1be-11eb-9072-d4c9ef517024)"},{"cve":"CVE-2021-23841","qid":"710009","title":"Gentoo Linux OpenSSL Multiple Vulnerabilities (GLSA 202103-03)"},{"cve":"CVE-2021-23841","qid":"730228","title":"McAfee Web Gateway Multiple Vulnerabilities (WP-3445, WP-3483, WP-3527, WP-3528, WP-3547, WP-3584,WP-3589,WP-3611)"},{"cve":"CVE-2021-23841","qid":"750308","title":"OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2021:0430-1)"},{"cve":"CVE-2021-23841","qid":"750310","title":"OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:0427-1)"},{"cve":"CVE-2021-23841","qid":"940020","title":"AlmaLinux Security Update for edk2 (ALSA-2021:4198)"},{"cve":"CVE-2021-23841","qid":"940234","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2021:4424)"},{"cve":"CVE-2021-23841","qid":"960698","title":"Rocky Linux Security Update for edk2 (RLSA-2021:4198)"},{"cve":"CVE-2021-23841","qid":"960795","title":"Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2021:4424)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"openssl-security@openssl.org","DATE_PUBLIC":"2021-02-16","ID":"CVE-2021-23841","STATE":"PUBLIC","TITLE":"Null pointer deref in X509_issuer_and_serial_hash()"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_value":"Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)"},{"version_value":"Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)"}]}}]},"vendor_name":"OpenSSL"}]}},"credit":[{"lang":"eng","value":"Tavis Ormandy (Google)"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."}]},"impact":[{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Moderate","value":"Moderate"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"NULL pointer dereference"}]}]},"references":{"reference_data":[{"name":"https://www.openssl.org/news/secadv/20210216.txt","refsource":"CONFIRM","url":"https://www.openssl.org/news/secadv/20210216.txt"},{"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf","refsource":"CONFIRM","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf"},{"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807","refsource":"CONFIRM","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"},{"refsource":"DEBIAN","name":"DSA-4855","url":"https://www.debian.org/security/2021/dsa-4855"},{"refsource":"GENTOO","name":"GLSA-202103-03","url":"https://security.gentoo.org/glsa/202103-03"},{"refsource":"FULLDISC","name":"20210526 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4","url":"http://seclists.org/fulldisclosure/2021/May/70"},{"refsource":"FULLDISC","name":"20210526 APPLE-SA-2021-05-25-5 Safari 14.1.1","url":"http://seclists.org/fulldisclosure/2021/May/68"},{"refsource":"FULLDISC","name":"20210526 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6","url":"http://seclists.org/fulldisclosure/2021/May/67"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"refsource":"CONFIRM","name":"https://www.tenable.com/security/tns-2021-09","url":"https://www.tenable.com/security/tns-2021-09"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210513-0002/","url":"https://security.netapp.com/advisory/ntap-20210513-0002/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210219-0009/","url":"https://security.netapp.com/advisory/ntap-20210219-0009/"},{"refsource":"CONFIRM","name":"https://www.tenable.com/security/tns-2021-03","url":"https://www.tenable.com/security/tns-2021-03"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT212529","url":"https://support.apple.com/kb/HT212529"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT212528","url":"https://support.apple.com/kb/HT212528"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT212534","url":"https://support.apple.com/kb/HT212534"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","name":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"refsource":"CONFIRM","name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"}]}},"nvd":{"publishedDate":"2021-02-16 17:15:00","lastModifiedDate":"2023-11-07 03:30:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2y","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1j","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13.0","versionEndIncluding":"5.17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1","versionEndExcluding":"11.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.15","versionEndExcluding":"8.0.23","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.33","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.23","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23841","Ordinal":"198581","Title":"CVE-2021-23841","CVE":"CVE-2021-23841","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23841","Ordinal":"1","NoteData":"The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).","Type":"Description","Title":null},{"CveYear":"2021","CveId":"23841","Ordinal":"2","NoteData":"2021-02-16","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"23841","Ordinal":"3","NoteData":"2021-10-20","Type":"Other","Title":"Modified"}]}}}