CVE-2020-1967

Name
CVE-2020-1967
Description
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
NVD Severity
medium

References

Type URI
Mailing List https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
Vendor Advisory https://www.openssl.org/news/secadv/20200421.txt
Patch https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
Third Party Advisory https://www.debian.org/security/2020/dsa-4661
Mailing List http://www.openwall.com/lists/oss-security/2020/04/22/2
Mailing List https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E
Third Party Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
Mailing List https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E
Third Party Advisory https://security.gentoo.org/glsa/202004-10
Third Party Advisory https://security.netapp.com/advisory/ntap-20200424-0003/
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
Third Party Advisory https://www.tenable.com/security/tns-2020-03
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
Exploit https://github.com/irsl/CVE-2020-1967
Mailing List http://seclists.org/fulldisclosure/2020/May/5
Third Party Advisory http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_20_05
Third Party Advisory https://www.tenable.com/security/tns-2020-04
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
Third Party Advisory https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20200717-0004/
Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory https://www.tenable.com/security/tns-2020-11
Third Party Advisory https://www.oracle.com/security-alerts/cpujan2021.html
CONFIRM https://www.tenable.com/security/tns-2021-10
MISC https://www.oracle.com/security-alerts/cpuApr2021.html
N/A https://www.oracle.com//security-alerts/cpujul2021.html
MISC https://www.oracle.com/security-alerts/cpuoct2021.html

Match rules

CPE URI: cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Source package: openssl
Min version: >= 1.1.1d
Max version: <= 1.1.1f

Vulnerable and fixed packages

Source package Branch Version Maintainer Status