CVE-2020-1967

Home/CVE/Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due

CVE

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.

OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

HIGH · CVSS 7.5 EPSS 0.60769

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 2% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules2 YARA rules0

⬡

Weakness Classification

CWE-476NULL Pointer Dereference

▤

Affected Products & Versions

openssl>= 1.1.1d and <= 1.1.1f
debian linuxall versions
freebsdall versions
fedoraproject fedoraall versions
oracle application serverall versions
oracle enterprise manager base platformall versions
oracle enterprise manager for storage managementall versions
oracle enterprise manager ops centerall versions
Show all 30 affected productsoracle http serverall versions
oracle jd edwards world securityall versions
oracle mysql<= 5.6.48
oracle mysql>= 5.7.0 and <= 5.7.30
oracle mysql>= 8.0.0 and <= 8.0.20
oracle mysql connectors<= 8.0.20
oracle mysql enterprise monitor<= 4.0.12
oracle mysql enterprise monitor>= 8.0.0 and <= 8.0.20
oracle mysql workbench<= 8.0.21
oracle peoplesoft enterprise peopletoolsall versions
netapp active iq unified manager>= 7.3
netapp active iq unified manager>= 9.5
netapp e-series performance analyzerall versions
netapp oncommand insightall versions
netapp oncommand workflow automationall versions
netapp smi-s providerall versions
netapp snapcenterall versions
netapp steelstore cloud integrated storageall versions
broadcom fabric operating systemall versions
opensuse leapall versions
jdedwards enterpriseone< 9.2.5.0
tenable log correlation engine< 6.0.9

▤

Affected Packages

Language-ecosystem packages (from OSV) tied to this CVE, with the version that fixes it - the dependency-level detail NVD doesn’t carry.

crates.io openssl-src HIGH fixed in 111.9.0

⚠

Public Exploits & PoCs

pocpacketstormsecurity.com · OpenSSL-signature_algorithms_cert-Denial-Of-Service.htmlpacketstormsecurity.com

pocgithub.com · CVE-2020-1967github.com

◈

Sigma Hunt Rules

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

producthighOpenCanary - MySQL Login Attempt

producthighUncommon File Creation By Mysql Daemon Process

▣

Scoring & Timeline

7.5

HIGH · CVSS v3.1 · openssl-security@openssl.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD21 Apr 2020 · 02:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

⚑

Vendor Advisories

suse-csafopenSUSE-SU-2024:11127-1
suse-csafopenSUSE-SU-2024:11359-1
suse-csafopenSUSE-SU-2024:11360-1
siemens-csafSSA-108696
suse-csafSUSE-SU-2020:2041-1
Show all 9 vendor advisoriessuse-csafopenSUSE-SU-2020:0945-1
suse-csafopenSUSE-SU-2020:0933-1
suse-csafSUSE-SU-2020:1058-1
cisa-csafcisa-csaf-csaf_files-OT-white-2024-icsa-24-046-02