CVE-2020-1967

Description from NVD

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Information Acquisition Date: 2021-04-27T10:41Z
CVSS 2.0: 5.0 MEDIUM
CVSS 3.x: 7.5 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD References

 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
     source:CONFIRM
     tags:Mailing List    Patch    Vendor Advisory    
 https://www.openssl.org/news/secadv/20200421.txt
     source:CONFIRM
     tags:Vendor Advisory    
 FreeBSD-SA-20:11
     source:FREEBSD
     tags:Patch    Third Party Advisory    
 DSA-4661
     source:DEBIAN
     tags:Third Party Advisory    
 [oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
     source:CONFIRM
     tags:Third Party Advisory    
 [tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 GLSA-202004-10
     source:GENTOO
     tags:Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20200424-0003/
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
     source:CONFIRM
     tags:Third Party Advisory    
 FEDORA-2020-fcc91a28e8
     source:FEDORA
     tags:Third Party Advisory    
 https://www.tenable.com/security/tns-2020-03
     source:CONFIRM
     tags:Third Party Advisory    
 FEDORA-2020-da2d1ef2d7
     source:FEDORA
     tags:Third Party Advisory    
 https://github.com/irsl/CVE-2020-1967
     source:MISC
     tags:Exploit    Third Party Advisory    
 20200501 CVE-2020-1967: proving sigalg != NULL
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 FEDORA-2020-d7b29838f6
     source:FEDORA
     tags:Third Party Advisory    
 https://www.synology.com/security/advisory/Synology_SA_20_05
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.tenable.com/security/tns-2020-04
     source:CONFIRM
     tags:Third Party Advisory    
 openSUSE-SU-2020:0933
     source:SUSE
     tags:Mailing List    Third Party Advisory    
 openSUSE-SU-2020:0945
     source:SUSE
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujul2020.html
     source:MISC
     tags:Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20200717-0004/
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuoct2020.html
     source:MISC
     tags:Third Party Advisory    
 https://www.tenable.com/security/tns-2020-11
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujan2021.html
     source:MISC
     tags:Third Party Advisory    


List of frequently cited URLs

URL    Num of Times Referred to
https://alerts.vulmon.com/l/uW    12
https://www.ipa.go.jp/security/ciadr/vul/alert20200423.html    6
https://ift.tt/3bxqVwF    5
https://github.com/irsl/CVE-2020-1967    4
https://www.openssl.org/news/secadv/20200421.txt    4
https://security.sios.com/vulnerability/openssl-security-vu...    4
https://securityaffairs.co/wordpress/101997/security/openss...    4
https://twitter.com/search?src=sprv&q=CVE-2020-1967    3
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;...    3
https://www.jpcert.or.jp/at/2020/at200018.html    3

Information from Twitter

User URL Info Source Date
No Data

List of frequently cited URLs

URL    Num of Times Referred to
alerts.vulmon.com    12
www.ipa.go.jp    6
ift.tt    5
github.com    4
www.openssl.org    4
security.sios.com    4
securityaffairs.co    4
twitter.com    3
git.openssl.org    3
www.jpcert.or.jp    3

GitHub Search Results: Up to 10
Name URL
No Data

2022/12/04 Score : 0
Added Har-sia Database : 2020/04/21
Last Modified : 2022/12/04
Highest Scored Date : 2020/04/22
Highest Score : 104