// For flags

CVE-2020-1967

Segmentation fault in SSL_check_chain

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Las aplicaciones de Servidor o Cliente que llaman a la función SSL_check_chain() durante o después del protocolo de enlace de TLS versión 1.3, puede bloquear debido a una desreferencia del puntero NULL como resultado de un manejo incorrecto de la extensión TLS "signature_algorithms_cert". El bloqueo ocurre si se recibe un algoritmo de firma no comprobada o ni reconocido del peer. Esto podría ser explotado por un peer malicioso en un ataque de Denegación de Servicio. OpenSSL versiones 1.1.1d, 1.1.1e y 1.1.1f están afectadas por este problema. Este problema no afectaba a OpenSSL versiones anteriores a la versión 1.1.1d. Corregido en OpenSSL versión 1.1.1g (Afectado en la versión 1.1.1d-1.1.1f).

*Credits: Bernd Edlinger
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-03 CVE Reserved
  • 2020-04-21 CVE Published
  • 2024-03-12 EPSS Updated
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (32)
URL Tag Source
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/5 Mailing List
http://www.openwall.com/lists/oss-security/2020/04/22/2 Mailing List
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1 X_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 Third Party Advisory
https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E Mailing List
https://security.netapp.com/advisory/ntap-20200424-0003 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200717-0004 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_05 Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL Third Party Advisory
https://www.tenable.com/security/tns-2020-03 Third Party Advisory
https://www.tenable.com/security/tns-2020-04 Third Party Advisory
https://www.tenable.com/security/tns-2020-11 Third Party Advisory
https://www.tenable.com/security/tns-2021-10 Third Party Advisory
URL Date SRC
https://github.com/irsl/CVE-2020-1967 2024-09-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 1.1.1d <= 1.1.1f
Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1d <= 1.1.1f"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
12.1
Search vendor "Freebsd" for product "Freebsd" and version "12.1"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
31
Search vendor "Fedoraproject" for product "Fedora" and version "31"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
32
Search vendor "Fedoraproject" for product "Fedora" and version "32"
-
Affected
Oracle
Search vendor "Oracle"
Application Server
Search vendor "Oracle" for product "Application Server"
12.1.3
Search vendor "Oracle" for product "Application Server" and version "12.1.3"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager Base Platform
Search vendor "Oracle" for product "Enterprise Manager Base Platform"
13.4.0.0
Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager For Storage Management
Search vendor "Oracle" for product "Enterprise Manager For Storage Management"
13.3.0.0
Search vendor "Oracle" for product "Enterprise Manager For Storage Management" and version "13.3.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager For Storage Management
Search vendor "Oracle" for product "Enterprise Manager For Storage Management"
13.4.0.0
Search vendor "Oracle" for product "Enterprise Manager For Storage Management" and version "13.4.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Manager Ops Center
Search vendor "Oracle" for product "Enterprise Manager Ops Center"
12.4.0
Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
12.2.1.4.0
Search vendor "Oracle" for product "Http Server" and version "12.2.1.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Jd Edwards World Security
Search vendor "Oracle" for product "Jd Edwards World Security"
a9.4
Search vendor "Oracle" for product "Jd Edwards World Security" and version "a9.4"
-
Affected
Oracle
Search vendor "Oracle"
Mysql
Search vendor "Oracle" for product "Mysql"
<= 5.6.48
Search vendor "Oracle" for product "Mysql" and version " <= 5.6.48"
-
Affected
Oracle
Search vendor "Oracle"
Mysql
Search vendor "Oracle" for product "Mysql"
>= 5.7.0 <= 5.7.30
Search vendor "Oracle" for product "Mysql" and version " >= 5.7.0 <= 5.7.30"
-
Affected
Oracle
Search vendor "Oracle"
Mysql
Search vendor "Oracle" for product "Mysql"
>= 8.0.0 <= 8.0.20
Search vendor "Oracle" for product "Mysql" and version " >= 8.0.0 <= 8.0.20"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Connectors
Search vendor "Oracle" for product "Mysql Connectors"
<= 8.0.20
Search vendor "Oracle" for product "Mysql Connectors" and version " <= 8.0.20"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Enterprise Monitor
Search vendor "Oracle" for product "Mysql Enterprise Monitor"
<= 4.0.12
Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 4.0.12"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Enterprise Monitor
Search vendor "Oracle" for product "Mysql Enterprise Monitor"
>= 8.0.0 <= 8.0.20
Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " >= 8.0.0 <= 8.0.20"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Workbench
Search vendor "Oracle" for product "Mysql Workbench"
<= 8.0.21
Search vendor "Oracle" for product "Mysql Workbench" and version " <= 8.0.21"
-
Affected
Oracle
Search vendor "Oracle"
Peoplesoft Enterprise Peopletools
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"
8.56
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.56"
-
Affected
Oracle
Search vendor "Oracle"
Peoplesoft Enterprise Peopletools
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"
8.57
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.57"
-
Affected
Oracle
Search vendor "Oracle"
Peoplesoft Enterprise Peopletools
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"
8.58
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58"
-
Affected
Oracle
Search vendor "Oracle"
Peoplesoft Enterprise Peopletools
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"
8.59
Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.59"
-
Affected
Netapp
Search vendor "Netapp"
Active Iq Unified Manager
Search vendor "Netapp" for product "Active Iq Unified Manager"
>= 7.3
Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 7.3"
windows
Affected
Netapp
Search vendor "Netapp"
Active Iq Unified Manager
Search vendor "Netapp" for product "Active Iq Unified Manager"
>= 9.5
Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 9.5"
vmware_vsphere
Affected
Netapp
Search vendor "Netapp"
E-series Performance Analyzer
Search vendor "Netapp" for product "E-series Performance Analyzer"
--
Affected
Netapp
Search vendor "Netapp"
Oncommand Insight
Search vendor "Netapp" for product "Oncommand Insight"
--
Affected
Netapp
Search vendor "Netapp"
Oncommand Workflow Automation
Search vendor "Netapp" for product "Oncommand Workflow Automation"
--
Affected
Netapp
Search vendor "Netapp"
Smi-s Provider
Search vendor "Netapp" for product "Smi-s Provider"
--
Affected
Netapp
Search vendor "Netapp"
Snapcenter
Search vendor "Netapp" for product "Snapcenter"
--
Affected
Netapp
Search vendor "Netapp"
Steelstore Cloud Integrated Storage
Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"
--
Affected
Broadcom
Search vendor "Broadcom"
Fabric Operating System
Search vendor "Broadcom" for product "Fabric Operating System"
--
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.1
Search vendor "Opensuse" for product "Leap" and version "15.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.2
Search vendor "Opensuse" for product "Leap" and version "15.2"
-
Affected
Jdedwards
Search vendor "Jdedwards"
Enterpriseone
Search vendor "Jdedwards" for product "Enterpriseone"
< 9.2.5.0
Search vendor "Jdedwards" for product "Enterpriseone" and version " < 9.2.5.0"
-
Affected
Tenable
Search vendor "Tenable"
Log Correlation Engine
Search vendor "Tenable" for product "Log Correlation Engine"
< 6.0.9
Search vendor "Tenable" for product "Log Correlation Engine" and version " < 6.0.9"
-
Affected