CVE-2020-1967

EUVD-2021-1780
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference caused by incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (affected: 1.1.1d-1.1.1f).
CVSS 3.x (Provider: NIST, Type: Primary)

Base Score         | 7.5 HIGH
Attack Vector      | NETWORK
Attack Complexity  | LOW
Privileges Required| NONE
Vector             | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score: Percentile 98%
Affected Products (NVD)

Vendor   | Product                                  | Version
---------|------------------------------------------|-------------------------
openssl  | openssl                                  | 1.1.1d ≤ x ≤ 1.1.1f
debian   | debian_linux                             | 9.0
debian   | debian_linux                             | 10.0
freebsd  | freebsd                                  | 12.1
oracle   | application_server                       | 12.1.3
oracle   | enterprise_manager_base_platform         | 13.4.0.0
oracle   | enterprise_manager_for_storage_management| 13.3.0.0
oracle   | enterprise_manager_for_storage_management| 13.4.0.0
oracle   | enterprise_manager_ops_center            | 12.4.0
oracle   | http_server                              | 12.2.1.4.0
oracle   | mysql                                    | x ≤ 5.6.48
oracle   | mysql                                    | 5.7.0 ≤ x ≤ 5.7.30
oracle   | mysql                                    | 8.0.0 ≤ x ≤ 8.0.20
oracle   | mysql_connectors                         | x ≤ 8.0.20
oracle   | mysql_enterprise_monitor                 | x ≤ 4.0.12
oracle   | mysql_enterprise_monitor                 | 8.0.0 ≤ x ≤ 8.0.20
oracle   | mysql_workbench                          | x ≤ 8.0.21
oracle   | peoplesoft_enterprise_peopletools        | 8.56
oracle   | peoplesoft_enterprise_peopletools        | 8.57
oracle   | peoplesoft_enterprise_peopletools        | 8.58
oracle   | peoplesoft_enterprise_peopletools        | 8.59
netapp   | active_iq_unified_manager                | 7.3 ≤ x
netapp   | active_iq_unified_manager                | 9.5 ≤ x
netapp   | e-series_performance_analyzer            | -
netapp   | oncommand_insight                        | -
netapp   | oncommand_workflow_automation            | -
netapp   | smi-s_provider                           | -
netapp   | snapcenter                               | -
netapp   | steelstore_cloud_integrated_storage      | -
broadcom | fabric_operating_system                  | -
opensuse | leap                                     | 15.1
opensuse | leap                                     | 15.2
jdedwards| enterpriseone                            | x < 9.2.5.0
tenable  | log_correlation_engine                   | x < 6.0.9

x = vulnerable software versions
Debian Releases

Product | Codename            | Version             | Status
--------|---------------------|---------------------|-------------
openssl | bookworm            | 3.0.14-1~deb12u1    | fixed
openssl | bookworm (security) | 3.0.14-1~deb12u2    | fixed
openssl | bullseye            | 1.1.1w-0+deb11u1    | fixed
openssl | bullseye (security) | 1.1.1w-0+deb11u2    | fixed
openssl | jessie              |                     | not-affected
openssl | sid                 | 3.3.2-2             | fixed
openssl | stretch             |                     | not-affected
openssl | trixie              | 3.3.2-2             | fixed
Ubuntu Releases

Product    | Codename | Version                  | Status
-----------|----------|--------------------------|-------------
edk2       | bionic   |                          | not-affected
edk2       | eoan     |                          | not-affected
edk2       | focal    |                          | not-affected
edk2       | trusty   |                          | dne
edk2       | xenial   |                          | not-affected
openssl    | bionic   |                          | not-affected
openssl    | eoan     |                          | not-affected
openssl    | focal    | Fixed 1.1.1f-1ubuntu2    | released
openssl    | trusty   |                          | not-affected
openssl    | xenial   |                          | not-affected
openssl1.0 | bionic   |                          | not-affected
openssl1.0 | eoan     |                          | dne
openssl1.0 | focal    |                          | dne
openssl1.0 | trusty   |                          | dne
openssl1.0 | xenial   |                          | dne
References