CVE-2021-23841
- Source
- https://cve.org/CVERecord?id=CVE-2021-23841
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23841.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-23841
- Aliases
- Downstream
- Related
- Published
- 2021-02-16T17:15:13.377Z
- Modified
- 2026-04-16T04:30:50.971793832Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The OpenSSL public API function X509issuerandserialhash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509issuerandserialhash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
- References
-
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
- http://seclists.org/fulldisclosure/2021/May/67
- http://seclists.org/fulldisclosure/2021/May/70
- https://support.apple.com/kb/HT212529
- https://www.debian.org/security/2021/dsa-4855
- https://www.openssl.org/news/secadv/20210216.txt
- https://www.tenable.com/security/tns-2021-09
- https://security.netapp.com/advisory/ntap-20210219-0009/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://support.apple.com/kb/HT212534
- https://www.tenable.com/security/tns-2021-03
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
- https://security.gentoo.org/glsa/202103-03
- https://security.netapp.com/advisory/ntap-20210513-0002/
- https://support.apple.com/kb/HT212528
- http://seclists.org/fulldisclosure/2021/May/68
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://www.oracle.com//security-alerts/cpujul2021.html
Affected packages
Git / github.com/graalvm/graalvm-ce-builds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/graalvm/graalvm-ce-builds
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "21.2" }, { "introduced": "0" }, { "last_affected": "19.3.5" }, { "introduced": "0" }, { "last_affected": "20.3.1.2" }, { "introduced": "0" }, { "last_affected": "21.0.0.2" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "a9.4" }, { "introduced": "0" }, { "fixed": "8.0.23" }, { "introduced": "0" }, { "fixed": "5.7.33" }, { "introduced": "8.0.15" }, { "fixed": "8.0.23" } ] }
- Type
- GIT
- Repo
- https://github.com/openssl/openssl
- Events
-
IntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.2" }, { "fixed": "1.0.2y" }, { "introduced": "1.1.1" }, { "fixed": "1.1.1j" }, { "introduced": "0" }, { "fixed": "1.0" }, { "introduced": "0" }, { "last_affected": "1.0-NA" }, { "introduced": "0" }, { "last_affected": "1.0-sp1" } ] }
Affected versions
Other
BEFORE_engine
BEN_FIPS_TEST_7
BEN_FIPS_TEST_8
FIPS_TEST_10
FIPS_TEST_9
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_0_9_7
OpenSSL_0_9_7-beta1
OpenSSL_0_9_7-beta2
OpenSSL_0_9_7-beta3
OpenSSL_0_9_7-beta4
OpenSSL_0_9_7-beta6
OpenSSL_0_9_7a
OpenSSL_0_9_7b
OpenSSL_0_9_7c
OpenSSL_0_9_7e
OpenSSL_0_9_7f
OpenSSL_0_9_7g
OpenSSL_0_9_7h
OpenSSL_0_9_7i
OpenSSL_1_0_1
OpenSSL_1_0_1-beta1
OpenSSL_1_0_1-beta2
OpenSSL_1_0_1-beta3
OpenSSL_1_0_1-post-auto-reformat
OpenSSL_1_0_1-post-reformat
OpenSSL_1_0_1-pre-auto-reformat
OpenSSL_1_0_1-pre-reformat
OpenSSL_1_0_1a
OpenSSL_1_0_1b
OpenSSL_1_0_1c
OpenSSL_1_0_1d
OpenSSL_1_0_1e
OpenSSL_1_0_1f
OpenSSL_1_0_1g
OpenSSL_1_0_1h
OpenSSL_1_0_1i
OpenSSL_1_0_1j
OpenSSL_1_0_1k
OpenSSL_1_0_1l
OpenSSL_1_0_1m
OpenSSL_1_0_1n
OpenSSL_1_0_1o
OpenSSL_1_0_1p
OpenSSL_1_0_1q
OpenSSL_1_0_1r
OpenSSL_1_0_1s
OpenSSL_1_0_1t
OpenSSL_1_0_1u
OpenSSL_1_0_2
OpenSSL_1_0_2-beta1
OpenSSL_1_0_2-beta2
OpenSSL_1_0_2-beta3
OpenSSL_1_0_2-post-auto-reformat
OpenSSL_1_0_2-post-reformat
OpenSSL_1_0_2-pre-auto-reformat
OpenSSL_1_0_2-pre-reformat
OpenSSL_1_0_2a
OpenSSL_1_0_2b
OpenSSL_1_0_2c
OpenSSL_1_0_2d
OpenSSL_1_0_2e
OpenSSL_1_0_2f
OpenSSL_1_0_2g
OpenSSL_1_0_2h
OpenSSL_1_0_2i
OpenSSL_1_0_2j
OpenSSL_1_0_2k
OpenSSL_1_0_2l
OpenSSL_1_0_2m
OpenSSL_1_0_2n
OpenSSL_1_0_2o
OpenSSL_1_0_2p
OpenSSL_1_0_2q
OpenSSL_1_0_2r
OpenSSL_1_0_2s
OpenSSL_1_0_2t
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
OpenSSL_1_1_1a
OpenSSL_1_1_1b
OpenSSL_1_1_1c
OpenSSL_1_1_1d
OpenSSL_1_1_1e
OpenSSL_1_1_1f
OpenSSL_1_1_1g
OpenSSL_1_1_1h
OpenSSL_1_1_1i
OpenSSL_1_1_1j
OpenSSL_1_1_1k
OpenSSL_1_1_1l
OpenSSL_1_1_1m
OpenSSL_1_1_1n
OpenSSL_1_1_1o
OpenSSL_1_1_1p
OpenSSL_1_1_1q
OpenSSL_1_1_1r
OpenSSL_1_1_1s
OpenSSL_1_1_1t
OpenSSL_1_1_1u
OpenSSL_1_1_1v
OpenSSL_FIPS_1_0
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.7.31
mysql-5.7.32
mysql-9.*
mysql-9.0.0-release
mysql-9.4.0
mysql-cluster-9.*
mysql-cluster-9.4.0
vm-19.*
vm-19.3.0
vm-19.3.0.2
vm-19.3.1
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-20.*
vm-20.0.0
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-21.*
vm-21.0.0
vm-21.0.0.2
vm-ce-21.*
vm-ce-21.2.0
Database specific
vanir_signatures_modified
"2026-04-11T13:53:53Z"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.11.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.12.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.12.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13.0"
}
]
},
{
"events": [
{
"introduced": "5.13.0"
},
{
"last_affected": "5.17.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.6"
}
]
},
{
"events": [
{
"introduced": "11.1"
},
{
"fixed": "11.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.5.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.9.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.57"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.58"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.59"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23841.json"
vanir_signatures
[
{
"signature_type": "Line",
"target": {
"file": "include/welcome_copyright_notice.h"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-23841-a59356ae",
"source": "https://github.com/mysql/mysql-server/commit/e5d189ecb9465f4be6235109dd3dbcaab01ddc53",
"digest": {
"line_hashes": [
"286756561296075042237231219649184368171",
"302896255058266923472696425836035569717",
"300297427993859605007554044173966498739",
"175565100923089660637647648328373853699",
"71802579880224164103266412744806334599",
"315666916814277685292192961936838231932",
"198092292660585766502869236426726266894",
"162640942130416387239939759911226756525"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "include/openssl/opensslv.h"
},
"signature_version": "v1",
"id": "CVE-2021-23841-c377fa22",
"source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
"digest": {
"line_hashes": [
"28170854778703993674264004058177114599",
"73132526844288570625317440636111911761",
"177405411499435185068645597737938634778",
"224809958623850711330610094965797758930",
"295554444428855106393106961197201359586"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "crypto/opensslv.h"
},
"signature_version": "v1",
"id": "CVE-2021-23841-e051451f",
"source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
"digest": {
"line_hashes": [
"251633914150035957322733061977107206211",
"338514574181828579838011565939158652696",
"76638288692106140328510055542557597351",
"142922657400765574308962710386922248045",
"71649992455794854055653842592139575350",
"65527166711110472566013424527579064967",
"253196866009476977787139000804413898733",
"172177136897997206866313011107384691461"
],
"threshold": 0.9
}
}
]