Vulnerability Description
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference caused by incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer, so a malicious peer could exploit it for a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected; versions prior to 1.1.1d are not. Fixed in OpenSSL 1.1.1g (affected: 1.1.1d-1.1.1f).
CVSS Score
HIGH (base score 7.5)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | >= 1.1.1d, <= 1.1.1f |
| Debian | Debian Linux | 9.0 |
| FreeBSD | FreeBSD | 12.1 |
| Fedora Project | Fedora | 30 |
| Oracle | Application Server | 12.1.3 |
| Oracle | Enterprise Manager Base Platform | 13.4.0.0 |
| Oracle | Enterprise Manager for Storage Management | 13.3.0.0 |
| Oracle | Enterprise Manager Ops Center | 12.4.0 |
| Oracle | HTTP Server | 12.2.1.4.0 |
| Oracle | JD Edwards World Security | A9.4 |
| Oracle | MySQL | <= 5.6.48 |
| Oracle | MySQL Connectors | <= 8.0.20 |
| Oracle | MySQL Enterprise Monitor | <= 4.0.12 |
| Oracle | MySQL Workbench | <= 8.0.21 |
| Oracle | PeopleSoft Enterprise PeopleTools | 8.56 |
| NetApp | Active IQ Unified Manager | >= 7.3 |
| NetApp | E-Series Performance Analyzer | - |
| NetApp | OnCommand Insight | - |
| NetApp | OnCommand Workflow Automation | - |
| NetApp | SMI-S Provider | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html (Mailing List, Third Party Advisory)
- http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-De (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2020/May/5 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/04/22/2 (Mailing List, Third Party Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83
- https://github.com/irsl/CVE-2020-1967 (Exploit, Third Party Advisory)
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 (Third Party Advisory)
- https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c645
- https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf30355
- https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc (Patch, Third Party Advisory)
FAQ
What is CVE-2020-1967?
CVE-2020-1967 is a vulnerability with a CVSS score of 7.5 (HIGH). Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signatu...
How severe is CVE-2020-1967?
CVE-2020-1967 has been rated HIGH with a CVSS base score of 7.5/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2020-1967?
Check the References section above for vendor advisories and patch information; the upstream fix is OpenSSL 1.1.1g. Affected products include OpenSSL, Debian Linux, FreeBSD, Fedora, and Oracle Application Server.