CVE-2021-23841

Source
https://cve.org/CVERecord?id=CVE-2021-23841
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23841.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-23841
Published
2021-02-16T17:15:13.377Z
Modified
2026-02-04T05:20:06.103243Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Affected packages

Git / github.com/mysql/mysql-server

Affected versions

mysql-5.*
mysql-5.5.63
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-8.*
mysql-8.0.15
mysql-8.0.16
mysql-8.0.17
mysql-8.0.18
mysql-8.0.19
mysql-8.0.20
mysql-8.0.21
mysql-8.0.22
mysql-cluster-7.*
mysql-cluster-7.2.37
mysql-cluster-7.2.38
mysql-cluster-7.2.39
mysql-cluster-7.2.40
mysql-cluster-7.3.23
mysql-cluster-7.3.24
mysql-cluster-7.3.25
mysql-cluster-7.3.26
mysql-cluster-7.3.27
mysql-cluster-7.3.28
mysql-cluster-7.3.29
mysql-cluster-7.3.30
mysql-cluster-7.3.31
mysql-cluster-7.4.23
mysql-cluster-7.4.24
mysql-cluster-7.4.25
mysql-cluster-7.4.26
mysql-cluster-7.4.27
mysql-cluster-7.4.28
mysql-cluster-7.4.29
mysql-cluster-7.4.30
mysql-cluster-7.5.12
mysql-cluster-7.5.13
mysql-cluster-7.5.14
mysql-cluster-7.5.15
mysql-cluster-7.5.16
mysql-cluster-7.5.17
mysql-cluster-7.5.18
mysql-cluster-7.5.19
mysql-cluster-7.5.20
mysql-cluster-7.6.10
mysql-cluster-7.6.11
mysql-cluster-7.6.12
mysql-cluster-7.6.13
mysql-cluster-7.6.14
mysql-cluster-7.6.15
mysql-cluster-7.6.16
mysql-cluster-7.6.8
mysql-cluster-7.6.9
mysql-cluster-8.*
mysql-cluster-8.0.16
mysql-cluster-8.0.18
mysql-cluster-8.0.19
mysql-cluster-8.0.20
mysql-cluster-8.0.21
mysql-cluster-8.0.22

Database specific

vanir_signatures
[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "include/welcome_copyright_notice.h"
        },
        "source": "https://github.com/mysql/mysql-server/commit/e5d189ecb9465f4be6235109dd3dbcaab01ddc53",
        "id": "CVE-2021-23841-a59356ae",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23841.json"

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
BEFORE_engine
BEN_FIPS_TEST_7
BEN_FIPS_TEST_8
FIPS_TEST_10
FIPS_TEST_9
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_0_9_7
OpenSSL_0_9_7-beta1
OpenSSL_0_9_7-beta2
OpenSSL_0_9_7-beta3
OpenSSL_0_9_7-beta4
OpenSSL_0_9_7-beta6
OpenSSL_0_9_7a
OpenSSL_0_9_7b
OpenSSL_0_9_7c
OpenSSL_0_9_7e
OpenSSL_0_9_7f
OpenSSL_0_9_7g
OpenSSL_0_9_7h
OpenSSL_0_9_7i

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23841.json"