Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2020-1967

UNKNOWN

Published 2020-04-21T13:45:15.136203Z

Actions:

No CVSS data available

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OpenSSL

Affected Versions:

Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc

https://www.debian.org/security/2020/dsa-4661

http://www.openwall.com/lists/oss-security/2020/04/22/2

https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E

https://security.gentoo.org/glsa/202004-10

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/

http://seclists.org/fulldisclosure/2020/May/5

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.tenable.com/security/tns-2020-03

https://www.openssl.org/news/secadv/20200421.txt

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440

https://security.netapp.com/advisory/ntap-20200424-0003/

https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL

https://github.com/irsl/CVE-2020-1967

http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html

https://www.synology.com/security/advisory/Synology_SA_20_05

https://www.tenable.com/security/tns-2020-04

https://www.oracle.com/security-alerts/cpuoct2020.html

https://security.netapp.com/advisory/ntap-20200717-0004/

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.tenable.com/security/tns-2020-11

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.tenable.com/security/tns-2021-10

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

HackerOne Reports

Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE Medium

pvm

U.S. Dept Of Defense

Information Exposure Through an Error Message

Published: 2020-04-21T13:45:15.136203Z

Last Modified: 2024-09-17T03:13:46.200Z

Copied to clipboard!