CVE-2020-1967

Published: 21/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions before 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Vulnerable Product

openssl openssl

debian debian linux 9.0

debian debian linux 10.0

freebsd freebsd 12.1

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

oracle peoplesoft enterprise peopletools 8.56

oracle peoplesoft enterprise peopletools 8.57

oracle jd edwards world security a9.4

oracle enterprise manager ops center 12.4.0

oracle peoplesoft enterprise peopletools 8.58

oracle mysql

oracle enterprise manager base platform 13.4.0.0

oracle mysql enterprise monitor

oracle mysql workbench

oracle http server 12.2.1.4.0

oracle enterprise manager for storage management 13.3.0.0

oracle mysql connectors

oracle enterprise manager for storage management 13.4.0.0

oracle peoplesoft enterprise peopletools 8.59

oracle application server 12.1.3

netapp snapcenter -

netapp steelstore cloud integrated storage -

netapp oncommand workflow automation -

netapp oncommand insight -

netapp smi-s provider -

netapp active iq unified manager

netapp e-series performance analyzer -

broadcom fabric operating system -

opensuse leap 15.1

opensuse leap 15.2

jdedwards enterpriseone

tenable log correlation engine

Vendor Advisories

Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service. The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u3. We recommend t ...
A NULL-pointer dereference has been found in OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an inv ...
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to a ...
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library to address the ...
Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of th ...
Nessus Agent leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact ...
Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled Open ...

Mailing Lists

Full Disclosure mailing list archives: CVE-2020-1967: proving sigalg != NULL. From: Imre Rad <radimr ...
oss-sec mailing list archives: [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain. F ...

Github Repositories

A playground to note something

misc: A playground to note something. Tool: ipmitool. Build: How to make in Ubuntu: apt-get install automake libtool; apt-get install libssl-dev # yum install openssl-devel; ./bootstrap; ./configure; make. How to make in Windows: install Cygwin (32/64) with following package: gcc-core make openssl-devel diff autoconf automake m4 libtool lib

Publish Docker images for https://github.com/rossmacarthur/sheldon CI

sheldon-cross Docker images for sheldon CI How it works A Rust tool renders a Dockerfile from a template Dockerfile for particular target For each target An image is built from this Dockerfile This image is published to Docker Hub This image is referenced in the Crosstoml file in the sheldon repository Releases 023 Released February 21st, 2021 Update to OpenSSL 1

Open API spec definition for the scanners that can be plugged into Harbor to do artifact scanning.

pluggable-scanner-spec Open API spec definition for the scanners that can be plugged into Harbor to do artifact scanning Background Add support to Harbor for using other image scanners than Trivy by providing an adapter layer implemented as an HTTP API between Harbor and the scanners' native interfaces This will provide runtime configurable scanner invocation to provid

Practice questions for Certified Kubernetes Security Specialist (CKS) exam

CKS Simulator Kubernetes 125 Pre Setup Question 1 | Contexts Question 2 | Runtime Security with Falco Question 3 | Apiserver Security Question 4 | Pod Security Standard Question 5 | CIS Benchmark Question 6 | Verify Platform Binaries Question 7 | Open Policy Agent Question 8 | Secure Kubernetes Dashboard Question 9 | AppArmor Profile Question 10 | Container Runtime Sandbox gV

Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)

CVE-2020-1967: Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967). Credit for the original finding to Bernd Edlinger, additional analysis by Matt Caswell and Benjamin Kaduk, this demo by Imre Rad. Prerequisite: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake. According to the documen

cks1.28

CKS Simulator Kubernetes 128 killersh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment You could set these: alias k=kubectl # will already be pre-configured export do="--dry-run=client -o yaml" # k create deploy nginx --image=nginx $do export now="--force

CVE info of GIT commits for OpenSSL

openssl-cve Table of Contents Overview YAML Format Proposal for CVE Git Commits YAML Format Proposal for CVE Checking Rules Help is Needed from OpenSSL Developers Overview CVE info of GIT commits for OpenSSL This repo provides CVE info of GIT commits for the OpenSSL git repo Such CVE info can be used by the bomsh tool to create the CVE database for OpenSSL, which is then use

Recent Articles

GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps
The Register • Shaun Nichols in San Francisco • 23 Apr 2020

Static analyzer proves its worth with discovery of null-pointer error

A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win – it snared an exploitable flaw in OpenSSL. Bernd Edlinger discovered CVE-2020-1967, a denial-of-service flaw deemed to be a high severity risk by the OpenSSL team. It is possible to crash a server or application that uses a vulnerable build of OpenSSL by sending specially crafted messages while setting up a TLS 1.3 connection. This me...

References

CWE-476
https://www.openssl.org/news/secadv/20200421.txt
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
https://www.debian.org/security/2020/dsa-4661
http://www.openwall.com/lists/oss-security/2020/04/22/2
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
https://security.gentoo.org/glsa/202004-10
https://security.netapp.com/advisory/ntap-20200424-0003/
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
https://www.tenable.com/security/tns-2020-03
https://github.com/irsl/CVE-2020-1967
http://seclists.org/fulldisclosure/2020/May/5
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
https://www.synology.com/security/advisory/Synology_SA_20_05
https://www.tenable.com/security/tns-2020-04
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.tenable.com/security/tns-2020-11
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.tenable.com/security/tns-2021-10
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1
https://nvd.nist.gov
https://github.com/dragon7-fc/misc