On Fri, Mar 26, 2021 at 12:05:23AM +0000, FreeBSD Security Advisories wrote:
> A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension results in a
> NULL pointer dereference in the server. [CVE-2021-3449]
> 
> III. Impact
> 
> The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
> non-CA certificates must not be able to issue other certificates.
> 
> The renegotiation issue can result in a crash and a denial of service attack.

Hey all,

Has anyone looked at if/how setting map_at_zero=1 impacts the null ptr
deref issue?

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
