CVE-2020-1967

Severity: HIGH | CVSS 7.5/10 | EPSS 53.34%

CVE-2020-1967 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. EPSS estimates a 53.34% chance of exploitation in the next 30 days.

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Metrics

CVSS 3.1 score: 7.5/10
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS probability: 53.34% (98.8th percentile)
Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Openssl | Openssl | >= 1.1.1d, <= 1.1.1f
Debian | Debian Linux | 9.0
Debian | Debian Linux | 10.0
Freebsd | Freebsd | 12.1
Fedoraproject | Fedora | 30
Fedoraproject | Fedora | 31
Fedoraproject | Fedora | 32
Oracle | Application Server | 12.1.3
Oracle | Enterprise Manager Base Platform | 13.4.0.0
Oracle | Enterprise Manager For Storage Management | 13.3.0.0
Oracle | Enterprise Manager For Storage Management | 13.4.0.0
Oracle | Enterprise Manager Ops Center | 12.4.0
Oracle | Http Server | 12.2.1.4.0
Oracle | Jd Edwards World Security | a9.4
Oracle | Mysql | <= 5.6.48
Oracle | Mysql | >= 5.7.0, <= 5.7.30
Oracle | Mysql | >= 8.0.0, <= 8.0.20
Oracle | Mysql Connectors | <= 8.0.20
Oracle | Mysql Enterprise Monitor | <= 4.0.12
Oracle | Mysql Enterprise Monitor | >= 8.0.0, <= 8.0.20
Oracle | Mysql Workbench | <= 8.0.21
Oracle | Peoplesoft Enterprise Peopletools | 8.56
Oracle | Peoplesoft Enterprise Peopletools | 8.57
Oracle | Peoplesoft Enterprise Peopletools | 8.58
Oracle | Peoplesoft Enterprise Peopletools | 8.59
Netapp | Active Iq Unified Manager | >= 7.3
Netapp | Active Iq Unified Manager | >= 9.5
Netapp | E-Series Performance Analyzer | All versions
Netapp | Oncommand Insight | All versions
Netapp | Oncommand Workflow Automation | All versions
Netapp | Smi-S Provider | All versions
Netapp | Snapcenter | All versions
Netapp | Steelstore Cloud Integrated Storage | All versions
Broadcom | Fabric Operating System | All versions
Opensuse | Leap | 15.1
Opensuse | Leap | 15.2
Jdedwards | Enterpriseone | < 9.2.5.0
Tenable | Log Correlation Engine | < 6.0.9

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2020-1967?
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
How severe is CVE-2020-1967?
CVE-2020-1967 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 53.34% probability of exploitation in the next 30 days.
How do I fix CVE-2020-1967?
Upgrade OpenSSL to 1.1.1g or later, the fix version named in the description. For the downstream products listed under Affected Software, check the vendor references and advisories linked above for patched versions and mitigation guidance.


Source: NVD / NIST