PT-2021-6876 · Openssl · Openssl

Tobias Nießen

+1

·

Published

2021-12-14

·

Updated

2024-12-16

·

CVE-2021-4044

CVSS v2.0

7.8

High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

OpenSSL 3.0.0 (the 3.0 series prior to 3.0.1)
Description

X509_verify_cert() may return a negative value to signal an internal error, such as running out of memory. OpenSSL 3.0.0 does not handle that negative return value correctly: I/O functions such as SSL_connect() and SSL_do_handshake() fail to indicate success, and a subsequent call to SSL_get_error() returns SSL_ERROR_WANT_RETRY_VERIFY. That code was introduced in OpenSSL 3.0 for applications that deliberately ask to re-run verification via SSL_set_retry_verify(), so most applications do not expect it and have no handler for it. Depending on how an application treats an SSL_get_error() result it does not recognise, it may crash, loop forever retrying the handshake, or otherwise behave incorrectly. The issue is made more serious by a separate bug in OpenSSL 3.0 that causes X509_verify_cert() to report an internal error while processing a certificate chain. This happens where a certificate does not include the Subject Alternative Name extension but a Certificate Authority in the chain has enforced name constraints, so the internal-error path can be reached through the chain a peer presents rather than only through resource exhaustion.
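The failure mode above is an application-side handshake loop that keeps retrying on a code it does not understand. The following is an added example, not code from OpenSSL or from this advisory. It models the library with a constructed, scripted stand-in (fake_ssl_t, fake_do_handshake(), fake_get_error(), all hypothetical names) whose last step repeats forever, which is how the 3.0.0 bug behaves: verification keeps failing with an internal error, so every retry yields SSL_ERROR_WANT_RETRY_VERIFY again. The SSL_ERROR_* numeric values are those of OpenSSL 3.0's ssl.h. handshake_vulnerable() is the pre-3.0 "retry anything that is not a hard error" idiom and spins until an artificial cap; handshake_hardened() retries only the codes it knows, accepts SSL_ERROR_WANT_RETRY_VERIFY only when the application itself asked for a verification retry, and bounds the number of retries.

```c
#include <stdio.h>

/* SSL_get_error() codes as defined in OpenSSL 3.0's <openssl/ssl.h>.
 * SSL_ERROR_WANT_RETRY_VERIFY (12) is new in 3.0; code written against
 * 1.1.1 has never seen it. */
enum {
    SSL_ERROR_NONE = 0, SSL_ERROR_SSL = 1, SSL_ERROR_WANT_READ = 2,
    SSL_ERROR_WANT_WRITE = 3, SSL_ERROR_WANT_X509_LOOKUP = 4,
    SSL_ERROR_SYSCALL = 5, SSL_ERROR_ZERO_RETURN = 6,
    SSL_ERROR_WANT_CONNECT = 7, SSL_ERROR_WANT_ACCEPT = 8,
    SSL_ERROR_WANT_ASYNC = 9, SSL_ERROR_WANT_ASYNC_JOB = 10,
    SSL_ERROR_WANT_CLIENT_HELLO_CB = 11, SSL_ERROR_WANT_RETRY_VERIFY = 12
};

enum { HS_OK = 0, HS_FAIL = 1, HS_SPUN = 2 };   /* HS_SPUN: hit the spin cap */

/* Constructed stand-in for an SSL object (hypothetical, not libssl): a
 * scripted list of (SSL_do_handshake() return, SSL_get_error() code)
 * pairs. When the script runs out the last step repeats forever, which
 * models the 3.0.0 bug: X509_verify_cert() keeps failing with an internal
 * error, so every retry yields SSL_ERROR_WANT_RETRY_VERIFY again. */
typedef struct { int ret; int err; } step_t;
typedef struct {
    const step_t *steps;
    int nsteps, pos, cur;
    int retry_verify_requested; /* 1 if *our* verify callback asked for a retry */
} fake_ssl_t;

static int fake_do_handshake(fake_ssl_t *s) {
    s->cur = s->pos < s->nsteps ? s->pos : s->nsteps - 1;
    if (s->pos < s->nsteps) s->pos++;
    return s->steps[s->cur].ret;
}
static int fake_get_error(const fake_ssl_t *s) { return s->steps[s->cur].err; }

#define SPIN_CAP 1000

/* The common pre-3.0 idiom: anything that is not a hard error is assumed to
 * be a WANT_* condition, so poll and call the handshake again. With an
 * error code that can never clear, this loop never exits. */
static int handshake_vulnerable(fake_ssl_t *s) {
    for (int i = 0; i < SPIN_CAP; i++) {
        int r = fake_do_handshake(s);
        if (r == 1) return HS_OK;
        switch (fake_get_error(s)) {
        case SSL_ERROR_SSL:
        case SSL_ERROR_SYSCALL:
        case SSL_ERROR_ZERO_RETURN:
            return HS_FAIL;
        default:
            continue;               /* "retry later" for every other code */
        }
    }
    return HS_SPUN;                 /* a real loop would still be spinning */
}

/* Hardened loop: retry only the codes we understand, accept
 * WANT_RETRY_VERIFY only if we asked for it, and bound the retries. */
static int handshake_hardened(fake_ssl_t *s, int max_retries) {
    int retries = 0;
    for (;;) {
        int r = fake_do_handshake(s);
        if (r == 1) return HS_OK;
        switch (fake_get_error(s)) {
        case SSL_ERROR_WANT_READ:
        case SSL_ERROR_WANT_WRITE:
            break;                  /* real app: select()/poll() the socket, then retry */
        case SSL_ERROR_WANT_RETRY_VERIFY:
            if (!s->retry_verify_requested) return HS_FAIL;
            break;
        default:
            return HS_FAIL;         /* unknown or hard error: do not retry */
        }
        if (++retries > max_retries) return HS_FAIL;
    }
}

/* Constructed scripts: a healthy non-blocking handshake, and one against
 * OpenSSL 3.0.0 where verification hits the internal-error path. */
static const step_t normal_script[] = {
    {-1, SSL_ERROR_WANT_READ}, {-1, SSL_ERROR_WANT_WRITE}, {1, SSL_ERROR_NONE}};
static const step_t buggy_script[] = {
    {-1, SSL_ERROR_WANT_READ}, {-1, SSL_ERROR_WANT_RETRY_VERIFY}};

static fake_ssl_t make_ssl(const step_t *steps, int n, int requested) {
    fake_ssl_t s = { steps, n, 0, 0, requested };
    return s;
}

int demo_normal_vulnerable(void) { fake_ssl_t s = make_ssl(normal_script, 3, 0); return handshake_vulnerable(&s); }
int demo_normal_hardened(void)   { fake_ssl_t s = make_ssl(normal_script, 3, 0); return handshake_hardened(&s, 16); }
int demo_buggy_vulnerable(void)  { fake_ssl_t s = make_ssl(buggy_script, 2, 0);  return handshake_vulnerable(&s); }
int demo_buggy_hardened(void)    { fake_ssl_t s = make_ssl(buggy_script, 2, 0);  return handshake_hardened(&s, 16); }
/* Even when the app did call SSL_set_retry_verify(), the bound ends it. */
int demo_buggy_hardened_requested(void) { fake_ssl_t s = make_ssl(buggy_script, 2, 1); return handshake_hardened(&s, 16); }

int main(void) {
    printf("normal/vulnerable=%d normal/hardened=%d buggy/vulnerable=%d buggy/hardened=%d buggy/hardened+requested=%d\n",
           demo_normal_vulnerable(), demo_normal_hardened(), demo_buggy_vulnerable(),
           demo_buggy_hardened(), demo_buggy_hardened_requested());
    return 0;
}
```

Against a real libssl the same shape applies with SSL_do_handshake() and SSL_get_error(): the point is that an error code the application did not plan for must end the handshake, and that even a legitimately requested verification retry needs an upper bound, because the library can return the same "try again" answer indefinitely.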
Recommendations

Update OpenSSL 3.0.0 to 3.0.1 or later, where the issue is fixed. OpenSSL 1.1.1 and 1.0.2 are not affected. Do not work around the issue by disabling certificate verification (for example by skipping X509_verify_cert() or making the verify callback accept everything): that trades a denial of service for accepting any certificate a peer presents. Applications that cannot yet be run against a fixed library should at least bound their handshake retry loops and treat SSL_ERROR_WANT_RETRY_VERIFY, and any other SSL_get_error() code they do not explicitly handle, as a fatal handshake error unless they themselves called SSL_set_retry_verify(), rather than retrying indefinitely.

Weakness Enumeration

Infinite Loop

Related Identifiers

BDU:2022-02392
BIT-NODE-2021-4044
BIT-NODE-MIN-2021-4044
CVE-2021-4044
GHSA-MMJF-F5JW-W72Q
OPENSUSE-SU-2024:11797-1
RUSTSEC-2021-0129

Affected Products

Openssl