QwikSec

Security Database

CVE

CWE

Training

CVE-2020-1967

Published: Apr 21, 2020

Modified: Sep 17, 2024

PUBLISHED

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Vendor	Product	Versions
OpenSSL	OpenSSL	affected `Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)`

References

FreeBSD-SA-20:11

vendor-advisory

x_refsource_FREEBSD

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

FEDORA-2020-fcc91a28e8

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-da2d1ef2d7

vendor-advisory

x_refsource_FEDORA

20200501 CVE-2020-1967: proving sigalg != NULL

mailing-list

x_refsource_FULLDISC

FEDORA-2020-d7b29838f6

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:0933

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:0945

vendor-advisory

x_refsource_SUSE

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://www.tenable.com/security/tns-2020-03

x_refsource_CONFIRM

https://www.openssl.org/news/secadv/20200421.txt

x_refsource_CONFIRM

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1

x_refsource_CONFIRM

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20200424-0003/

x_refsource_CONFIRM

https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL

x_refsource_CONFIRM

https://github.com/irsl/CVE-2020-1967

x_refsource_MISC

http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html

x_refsource_MISC

https://www.synology.com/security/advisory/Synology_SA_20_05

x_refsource_CONFIRM

https://www.tenable.com/security/tns-2020-04

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200717-0004/

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

https://www.tenable.com/security/tns-2020-11

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://www.tenable.com/security/tns-2021-10

x_refsource_CONFIRM

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.