Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-1967

UNKNOWN
Published 2020-04-21T13:45:15.136203Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-1967. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OpenSSL

OpenSSL

Affected Versions:

Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Null pointer deference in openssl-src

GHSA-jq65-29v4-4x35

Advisory Details

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Affected Packages

crates.io openssl-src
ECOSYSTEM: ≥111.6.0 <111.9.0

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-1967
WEB https://www.tenable.com/security/tns-2021-10
WEB https://www.tenable.com/security/tns-2020-11
WEB https://www.tenable.com/security/tns-2020-04
WEB https://www.tenable.com/security/tns-2020-03
WEB https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
WEB https://www.synology.com/security/advisory/Synology_SA_20_05
WEB https://www.oracle.com/security-alerts/cpuoct2021.html
WEB https://www.oracle.com/security-alerts/cpuoct2020.html
WEB https://www.oracle.com/security-alerts/cpujul2020.html
WEB https://www.oracle.com/security-alerts/cpujan2021.html
WEB https://www.oracle.com/security-alerts/cpuApr2021.html
WEB https://www.oracle.com//security-alerts/cpujul2021.html
WEB https://www.openssl.org/news/secadv/20200421.txt
WEB https://www.debian.org/security/2020/dsa-4661
WEB https://security.netapp.com/advisory/ntap-20200717-0004
WEB https://security.netapp.com/advisory/ntap-20200424-0003
WEB https://security.gentoo.org/glsa/202004-10
WEB https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
WEB https://rustsec.org/advisories/RUSTSEC-2020-0015.html
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY
WEB https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E
WEB https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
WEB https://github.com/irsl/CVE-2020-1967
WEB https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
WEB http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
WEB http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
WEB http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
WEB http://seclists.org/fulldisclosure/2020/May/5
WEB http://www.openwall.com/lists/oss-security/2020/04/22/2

Advisory provided by GitHub Security Advisory Database. Published: August 25, 2021, Modified: August 19, 2021

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
https://www.debian.org/security/2020/dsa-4661
http://www.openwall.com/lists/oss-security/2020/04/22/2
https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E
https://security.gentoo.org/glsa/202004-10
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
http://seclists.org/fulldisclosure/2020/May/5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.tenable.com/security/tns-2020-03
https://www.openssl.org/news/secadv/20200421.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
https://security.netapp.com/advisory/ntap-20200424-0003/
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
https://github.com/irsl/CVE-2020-1967
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
https://www.synology.com/security/advisory/Synology_SA_20_05
https://www.tenable.com/security/tns-2020-04
https://www.oracle.com/security-alerts/cpuoct2020.html
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.tenable.com/security/tns-2020-11
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-10
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html

HackerOne Reports

Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE Medium
pvm
U.S. Dept Of Defense
Information Exposure Through an Error Message
View Report
Published: 2020-04-21T13:45:15.136203Z
Last Modified: 2024-09-17T03:13:46.200Z
Copied to clipboard!