DescriptionAn OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)buster1.1.1n-0+deb10u3fixed
buster (security)1.1.1n-0+deb10u6fixed
bullseye (security)1.1.1n-0+deb11u5fixed
bookworm, bookworm (security)3.0.11-1~deb12u2fixed
sid, trixie3.2.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcestretch(not affected)
openssl1.0source(unstable)(not affected)


[stretch] - openssl <not-affected> (Vulnerable code introduced later)
- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
Introduced by:;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319 (OpenSSL_1_1_1-pre1)
Prerequisite (test):;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
Fixed by:;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k)

Search for package or bug name: Reporting problems