PT-2021-15560 · Openssl+1

Published: 2021-02-16 · Updated: 2024-06-21 · CVE-2021-23839

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2s through 1.0.2x
Description: The issue arises when a client attempts to negotiate SSLv2 with a server that supports both SSLv2 and more recent SSL and TLS versions. A check for a version rollback attack is made when unpadding an RSA signature, but the implementation of this padding check has inverted logic. This means a server will accept a connection if a version rollback attack has occurred and erroneously reject a normal SSLv2 connection attempt. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function, which also affects the RSA_SSLV23_PADDING padding mode used by various other functions.
Recommendations: For OpenSSL versions 1.0.2s through 1.0.2x, premium support customers should upgrade to 1.0.2y. For other users of OpenSSL versions 1.0.2s through 1.0.2x, upgrade to 1.1.1j.
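
The inverted check from the description, modelled next to the intended behaviour. This is an added example, not OpenSSL's code: check_sslv23(), make_block() and the PAD_* codes are hypothetical names, the sample blocks are constructed, and the model assumes the SSLv23 padding convention in which a client that also supports SSLv3/TLS sets the last eight padding bytes to 0x03.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result codes for this sketch, not OpenSSL's error values. */
enum { PAD_OK = 0, PAD_MALFORMED = -1, PAD_ROLLBACK = -2 };

/* Decrypted block: 00 02 | nonzero padding | 00 | payload. A client that
 * also supports SSLv3/TLS sets the last eight padding bytes to 0x03, so a
 * server that sees this marker in an SSLv2 exchange has been downgraded.
 * Not constant-time: this illustrates the decision logic only. */
static int check_sslv23(const unsigned char *em, size_t len, int inverted)
{
    size_t sep, i, threes = 0;
    if (len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return PAD_MALFORMED;
    for (sep = 2; sep < len && em[sep] != 0x00; sep++)
        ;
    if (sep == len || sep < 10)      /* no separator, or padding < 8 bytes */
        return PAD_MALFORMED;
    for (i = sep - 8; i < sep; i++)
        threes += (em[i] == 0x03);
    if (inverted)                    /* the flaw: marker required, not refused */
        return threes == 8 ? PAD_OK : PAD_ROLLBACK;
    return threes == 8 ? PAD_ROLLBACK : PAD_OK;
}

/* Constructed sample block; marker=1 imitates a TLS-capable client. */
static void make_block(unsigned char *em, size_t len, int marker)
{
    size_t i, sep = len - 4;         /* separator, then 3 payload bytes */
    em[0] = 0x00; em[1] = 0x02;
    for (i = 2; i < sep; i++)
        em[i] = (marker && i >= sep - 8) ? 0x03 : 0xA5;
    em[sep] = 0x00;
    em[sep + 1] = 'k'; em[sep + 2] = 'e'; em[sep + 3] = 'y';
}

int main(void)
{
    unsigned char em[32];
    int m;
    for (m = 0; m <= 1; m++) {
        make_block(em, sizeof em, m);
        printf("marker=%d correct=%d inverted=%d\n", m,
               check_sslv23(em, sizeof em, 0), check_sslv23(em, sizeof em, 1));
    }
    return 0;
}
```

With the inverted branch, the block carrying the marker is accepted and the plain SSLv2 block is refused, which matches the two symptoms the description lists.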

Fix

DoS

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2021-23839

Affected Products

IBM AIX
OpenSSL