CVE-2020-1967: Segmentation fault in SSL_check_chain
First published: Tue Apr 21 2020(Updated: )
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
Credit: openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u1 3.0.11-1 | |
| OpenSSL OpenSSL | >=1.1.1d<=1.1.1f | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| FreeBSD FreeBSD | =12.1 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Oracle Application Server | =12.1.3 | |
| Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
| Oracle Enterprise Manager For Storage Management | =13.3.0.0 | |
| Oracle Enterprise Manager For Storage Management | =13.4.0.0 | |
| Oracle Enterprise Manager Ops Center | =12.4.0 | |
| Oracle HTTP Server | =12.2.1.4.0 | |
| Oracle Jd Edwards World Security | =a9.4 | |
| Oracle MySQL | <=5.6.48 | |
| Oracle MySQL | >=5.7.0<=5.7.30 | |
| Oracle MySQL | >=8.0.0<=8.0.20 | |
| Oracle Mysql Connectors | <=8.0.20 | |
| Oracle Mysql Enterprise Monitor | <=4.0.12 | |
| Oracle Mysql Enterprise Monitor | >=8.0.0<=8.0.20 | |
| Oracle Mysql Workbench | <=8.0.21 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
| Netapp Active Iq Unified Manager Windows | >=7.3 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| Netapp E-series Performance Analyzer | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Smi-s Provider | ||
| Netapp Snapcenter | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Broadcom Fabric Operating System | ||
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Jdedwards Enterpriseone | <9.2.5.0 | |
| Tenable Log Correlation Engine | <6.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openssl.org/news/secadv/20200421.txt
- https://security-tracker.debian.org/tracker/CVE-2020-1967
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
- http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2020/May/5
- http://www.openwall.com/lists/oss-security/2020/04/22/2
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
- https://github.com/irsl/CVE-2020-1967
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
- https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
- https://security.gentoo.org/glsa/202004-10
- https://security.netapp.com/advisory/ntap-20200424-0003/
- https://security.netapp.com/advisory/ntap-20200717-0004/
- https://www.debian.org/security/2020/dsa-4661
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.synology.com/security/advisory/Synology_SA_20_05
- https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
- https://www.tenable.com/security/tns-2020-03
- https://www.tenable.com/security/tns-2020-04
- https://www.tenable.com/security/tns-2020-11
- https://www.tenable.com/security/tns-2021-10
- https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-1967.
How severe is CVE-2020-1967?
CVE-2020-1967 has a severity rating of 7.5 (High).
Which applications are affected by CVE-2020-1967?
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake are affected.
What is the impact of CVE-2020-1967?
The impact of CVE-2020-1967 is a crash of the application due to a NULL pointer dereference.
How can I fix CVE-2020-1967?
To fix CVE-2020-1967, update to the recommended versions of OpenSSL or apply the provided patches.
- collector/security-tracker-debian
- agent/type
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- package-manager/debian
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.1.1d
- version/openssl openssl/1.1.1f
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/12.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/oracle
- canonical/oracle application server
- version/oracle application server/12.1.3
- canonical/oracle enterprise manager base platform
- version/oracle enterprise manager base platform/13.4.0.0
- canonical/oracle enterprise manager for storage management
- version/oracle enterprise manager for storage management/13.3.0.0
- version/oracle enterprise manager for storage management/13.4.0.0
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.4.0
- canonical/oracle http server
- version/oracle http server/12.2.1.4.0
- canonical/oracle jd edwards world security
- version/oracle jd edwards world security/a9.4
- canonical/oracle mysql
- version/oracle mysql/5.6.48
- version/oracle mysql/5.7.0
- version/oracle mysql/5.7.30
- version/oracle mysql/8.0.0
- version/oracle mysql/8.0.20
- canonical/oracle mysql connectors
- version/oracle mysql connectors/8.0.20
- canonical/oracle mysql enterprise monitor
- version/oracle mysql enterprise monitor/4.0.12
- version/oracle mysql enterprise monitor/8.0.0
- version/oracle mysql enterprise monitor/8.0.20
- canonical/oracle mysql workbench
- version/oracle mysql workbench/8.0.21
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.56
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- version/oracle peoplesoft enterprise peopletools/8.59
- vendor/netapp
- canonical/netapp active iq unified manager windows
- version/netapp active iq unified manager windows/7.3
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp e-series performance analyzer
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp smi-s provider
- canonical/netapp snapcenter
- canonical/netapp steelstore cloud integrated storage
- vendor/broadcom
- canonical/broadcom fabric operating system
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/jdedwards
- canonical/jdedwards enterpriseone
- vendor/tenable
- canonical/tenable log correlation engine