{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"}]}], "credits": [{"lang": "en", "value": "Bernd Edlinger"}], "datePublic": "2020-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "NULL pointer dereference", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-20T10:39:19", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"name": "FreeBSD-SA-20:11", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"}, {"name": "DSA-4661", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4661"}, {"name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"}, {"name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"}, {"name": "GLSA-202004-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202004-10"}, {"name": "FEDORA-2020-fcc91a28e8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"}, {"name": "FEDORA-2020-da2d1ef2d7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"}, {"name": "20200501 CVE-2020-1967: proving sigalg != NULL", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/May/5"}, {"name": "FEDORA-2020-d7b29838f6", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"}, {"name": "openSUSE-SU-2020:0933", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"}, {"name": "openSUSE-SU-2020:0945", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2020-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20200421.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/irsl/CVE-2020-1967"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2020-04"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2020-11"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-10"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "title": "Segmentation fault in SSL_check_chain", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2020-04-21", "ID": "CVE-2020-1967", "STATE": "PUBLIC", "TITLE": "Segmentation fault in SSL_check_chain"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Bernd Edlinger"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NULL pointer dereference"}]}]}, "references": {"reference_data": [{"name": "FreeBSD-SA-20:11", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"}, {"name": "DSA-4661", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4661"}, {"name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"}, {"name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E"}, {"name": "GLSA-202004-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202004-10"}, {"name": "FEDORA-2020-fcc91a28e8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"}, {"name": "FEDORA-2020-da2d1ef2d7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"}, {"name": "20200501 CVE-2020-1967: proving sigalg != NULL", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/May/5"}, {"name": "FEDORA-2020-d7b29838f6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"}, {"name": "openSUSE-SU-2020:0933", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"}, {"name": "openSUSE-SU-2020:0945", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.tenable.com/security/tns-2020-03", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2020-03"}, {"name": "https://www.openssl.org/news/secadv/20200421.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20200421.txt"}, {"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"}, {"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"}, {"name": "https://security.netapp.com/advisory/ntap-20200424-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"}, {"name": "https://github.com/irsl/CVE-2020-1967", "refsource": "MISC", "url": "https://github.com/irsl/CVE-2020-1967"}, {"name": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_20_05", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"}, {"name": "https://www.tenable.com/security/tns-2020-04", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2020-04"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://security.netapp.com/advisory/ntap-20200717-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://www.tenable.com/security/tns-2020-11", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2020-11"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://www.tenable.com/security/tns-2021-10", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-10"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.398Z"}, "title": "CVE Program Container", "references": [{"name": "FreeBSD-SA-20:11", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"}, {"name": "DSA-4661", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4661"}, {"name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"}, {"name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"}, {"name": "GLSA-202004-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202004-10"}, {"name": "FEDORA-2020-fcc91a28e8", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"}, {"name": "FEDORA-2020-da2d1ef2d7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"}, {"name": "20200501 CVE-2020-1967: proving sigalg != NULL", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/May/5"}, {"name": "FEDORA-2020-d7b29838f6", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"}, {"name": "openSUSE-SU-2020:0933", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"}, {"name": "openSUSE-SU-2020:0945", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2020-03"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20200421.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/irsl/CVE-2020-1967"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2020-04"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2020-11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2020-1967", "datePublished": "2020-04-21T13:45:15.136203Z", "dateReserved": "2019-12-03T00:00:00", "dateUpdated": "2024-09-17T03:13:46.200Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "90907017-473C-48CA-9441-DAFAF5F81049", "versionEndIncluding": "1.1.1f", "versionStartIncluding": "1.1.1d", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDD7E6AC-A613-4938-91D1-402DA2038875", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F87918FE-62C0-4DC5-8894-847DFB5B7E5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6C5EC81-F74A-4280-A041-EC5EE36D0919", "versionEndIncluding": "5.6.48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1A68EF8-15AA-42A7-9734-6F9470EB35CD", "versionEndIncluding": "5.7.30", "versionStartIncluding": "5.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E1A3769-E443-4511-B349-B5304F5E6EBD", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F198EB3-A3AB-42EA-BF3A-D8BB4D9210EE", "versionEndIncluding": "8.0.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A3BBE71-CA00-4F54-9210-FC7572C87CFB", "versionEndIncluding": "4.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E07B577-50FE-43B4-8AAD-4C267A494A36", "versionEndIncluding": "8.0.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E4475E9-FF6F-4B94-8989-D8E2EB69F782", "versionEndExcluding": "9.2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ACF85D6-6B45-43DA-9C01-F0208186F014", "versionEndExcluding": "6.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."}, {"lang": "es", "value": "Las aplicaciones de Servidor o Cliente que llaman a la funci\u00f3n SSL_check_chain() durante o despu\u00e9s del protocolo de enlace de TLS versi\u00f3n 1.3, puede bloquear debido a una desreferencia del puntero NULL como resultado de un manejo incorrecto de la extensi\u00f3n TLS \"signature_algorithms_cert\". El bloqueo ocurre si se recibe un algoritmo de firma no comprobada o ni reconocido del peer. Esto podr\u00eda ser explotado por un peer malicioso en un ataque de Denegaci\u00f3n de Servicio. OpenSSL versiones 1.1.1d, 1.1.1e y 1.1.1f est\u00e1n afectadas por este problema. Este problema no afectaba a OpenSSL versiones anteriores a la versi\u00f3n 1.1.1d. Corregido en OpenSSL versi\u00f3n 1.1.1g (Afectado en la versi\u00f3n 1.1.1d-1.1.1f)."}], "id": "CVE-2020-1967", "lastModified": "2023-11-07T03:19:39.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-21T14:15:11.287", "references": [{"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/May/5"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"}, {"source": "openssl-security@openssl.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/irsl/CVE-2020-1967"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"}, {"source": "openssl-security@openssl.org", "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"}, {"source": "openssl-security@openssl.org", "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"}, {"source": "openssl-security@openssl.org", "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202004-10"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4661"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20200421.txt"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2020-03"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2020-04"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2020-11"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-10"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Bernd Edlinger as the original reporter.", "bugzilla": {"description": "openssl: Segmentation fault in SSL_check_chain causes denial of service", "id": "1823670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1823670"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).", "A NULL pointer dereference flaw was found in the way OpenSSL handled certain TLS handshake messages. This flaw allows an unauthenticated attacker to cause a server application compiled with OpenSSL to crash, causing a denial of service. In some cases a malicious server could also cause a client compiled with OpenSSL to crash."], "mitigation": {"lang": "en:us", "value": "Applications compiled with OpenSSL >= 1.1.1d that either use openssl without invoking the `SSL_check_chain()` function or do not use TLS 1.3 are not vulnerable to this flaw."}, "name": "CVE-2020-1967", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 5"}], "public_date": "2020-04-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1967\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1967\nhttps://www.openssl.org/news/secadv/20200421.txt"], "statement": "This flaw was introduced by the following OpenSSL commit:\nhttps://github.com/openssl/openssl/commit/5235ef44b93306a14d0b6c695b13c64b16e1fdec\nwhich was shipped as a part of OpenSSL-1.1.1d, therefore older versions are not affected by this flaw. \nOpenSSL packages shipped with Red Hat Products are NOT affected by this flaw.\nThe affected `signature_algorithm_cert` check which causes the flaw is only applied to TLS 1.3, therefore older versions of TLS are not be affected by this flaw.\nAlso, the vulnerable `SSL_check_chain()` is not called directly from libssl, but may be used by the application inside a callback (e.g., client_hello or cert callback) to verify that a candidate certificate chain will be acceptable to the client. Thus, applications that use openssl without invoking the `SSL_check_chain()` function are not vulnerable to this flaw.\nLastly, no Red Hat Middleware products ship the affected version of OpenSSL. However, some components, such as Netty and Wildfly, may be configured by customers to use any OpenSSL version. Customers who have configured their setups to use a vulnerable version of OpenSSL are advised to upgrade to the latest unaffected version immediately.", "threat_severity": "Important", "upstream_fix": "openssl 1.1.1g"}