CVE-2020-1967

Disclosure Date: April 21, 2020

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference caused by incorrect handling of the “signature_algorithms_cert” TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue; versions prior to 1.1.1d are not affected. Fixed in OpenSSL 1.1.1g (affected: 1.1.1d-1.1.1f).

CVSS V3 Severity and Metrics
Base Score: 7.5 High
Impact Score: 3.6
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

General Information

Vendors

  • broadcom
  • debian
  • fedoraproject
  • freebsd
  • jdedwards
  • netapp
  • openssl
  • opensuse
  • oracle
  • tenable

Products

  • active iq unified manager
  • application server 12.1.3
  • debian linux 10.0
  • debian linux 9.0
  • e-series performance analyzer
  • enterprise manager base platform 13.4.0.0
  • enterprise manager for storage management 13.3.0.0
  • enterprise manager for storage management 13.4.0.0
  • enterprise manager ops center 12.4.0
  • enterpriseone
  • fabric operating system
  • fedora 30
  • fedora 31
  • fedora 32
  • freebsd 12.1
  • http server 12.2.1.4.0
  • jd edwards world security a9.4
  • leap 15.1
  • leap 15.2
  • log correlation engine
  • mysql
  • mysql connectors
  • mysql enterprise monitor
  • mysql workbench
  • oncommand insight
  • oncommand workflow automation
  • openssl
  • peoplesoft enterprise peopletools 8.56
  • peoplesoft enterprise peopletools 8.57
  • peoplesoft enterprise peopletools 8.58
  • peoplesoft enterprise peopletools 8.59
  • smi-s provider
  • snapcenter
  • steelstore cloud integrated storage
