Vulnerability Details : CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2020-1967
- cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise MonitorVersions from including (>=) 8.0.0 and up to, including, (<=) 8.0.20cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1967
19.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-1967
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-1967
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-1967
-
https://www.tenable.com/security/tns-2020-04
[R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability - Security Advisory | Tenable®Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020Patch;Third Party Advisory
-
https://www.tenable.com/security/tns-2021-10
[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
[security-announce] openSUSE-SU-2020:0945-1: moderate: Security update fMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E
Re: Time for Tomcat Native 1.2.24? - Pony MailMailing List;Third Party Advisory
-
https://www.synology.com/security/advisory/Synology_SA_20_05
Synology Inc.Third Party Advisory
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
Pulse Security Advisory: SA44440 - April 21 2020 OpenSSL Security AdvisoryThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
[security-announce] openSUSE-SU-2020:0933-1: moderate: Security update fMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Third Party Advisory
-
https://www.tenable.com/security/tns-2020-03
[R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200717-0004/
July 2020 MySQL Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E
Re: Time for Tomcat Native 1.2.24? - Pony MailMailing List;Third Party Advisory
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Patch;Third Party Advisory
-
https://github.com/irsl/CVE-2020-1967
GitHub - irsl/CVE-2020-1967: Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)Exploit;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
[SECURITY] Fedora 30 Update: openssl-1.1.1g-1.fc30 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
git.openssl.org Git - openssl.git/commitdiffMailing List;Patch;Vendor Advisory
-
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
OpenSSL signature_algorithms_cert Denial Of Service ≈ Packet StormThird Party Advisory;VDB Entry
-
https://www.openssl.org/news/secadv/20200421.txt
Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
[SECURITY] Fedora 32 Update: openssl-1.1.1g-1.fc32 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://www.debian.org/security/2020/dsa-4661
Debian -- Security Information -- DSA-4661-1 opensslThird Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2021.html
Oracle Critical Patch Update Advisory - January 2021Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuApr2021.html
Oracle Critical Patch Update Advisory - April 2021Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2020/04/22/2
oss-security - [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chainMailing List;Third Party Advisory
-
https://www.tenable.com/security/tns-2020-11
[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
https://security.gentoo.org/glsa/202004-10
OpenSSL: Multiple vulnerabilities (GLSA 202004-10) — Gentoo securityThird Party Advisory
-
https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E
Time for Tomcat Native 1.2.24? - Pony MailMailing List;Third Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
Patch;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/May/5
Full Disclosure: CVE-2020-1967: proving sigalg != NULLMailing List;Third Party Advisory
-
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
Synology Inc.Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2021.html
Oracle Critical Patch Update Advisory - October 2021Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200424-0003/
CVE-2020-1967 OpenSSL Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
[SECURITY] Fedora 31 Update: openssl-1.1.1g-1.fc31 - package-announce - Fedora Mailing-ListsThird Party Advisory
Jump to