CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2020-1968 – Raccoon attack
https://notcve.org/view.php?id=CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. • https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html https://security.gentoo.org/glsa/202210-02 https://security.netapp.com/advisory/ntap-20200911-0004 https://usn.ubuntu.com/4504-1 https://www.openssl.org/news/secadv/20200909.txt https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.o • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 8%CPEs: 38EXPL: 1CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. • https://github.com/irsl/CVE-2020-1967 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html http://seclists.org/fulldisclosure/2020/May/5 http://www.openwall.com/lists/oss-security/2020/04/22/2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 https:/&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7043
https://notcve.org/view.php?id=CVE-2020-7043
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones anteriores a 1.0.2. en el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque las comparaciones hostname no consideran los caracteres "\0", como es demostrado por un ataque de good.example.com\x00evil.example.com. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7042
https://notcve.org/view.php?id=CVE-2020-7042
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones 1.0.2 o posteriores, en el archivo tunnel.c, maneja inapropiadamente la comprobación del certificado porque la verificación del nombre de host funciona en la memoria no inicializada. El resultado es que un certificado válido nunca es aceptado (solo puede ser aceptado un certificado malformado). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7041
https://notcve.org/view.php?id=CVE-2020-7041
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. Se detectó un problema en openfortivpn versión 1.11.0, cuando se usaba con OpenSSL versiones 1.0.2 o posteriores, el archivo tunnel.c maneja inapropiadamente la comprobación del certificado porque un código de error negativo de X509_check_host se interpreta como un valor de retorno exitoso. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 https://github.com/adrienverge/openfortivpn/issues/536 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF https://lists.fedoraproject.org/archives/l • CWE-295: Improper Certificate Validation •