{
"CVE_data_meta" : {
"ASSIGNER" : "openssl-security@openssl.org" ,
"DATE_PUBLIC" : "2020-04-21" ,
"ID" : "CVE-2020-1967" ,
"STATE" : "PUBLIC" ,
"TITLE" : "Segmentation fault in SSL_check_chain"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenSSL" ,
"version" : {
"version_data" : [
{
"version_value" : "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
}
]
}
}
]
} ,
"vendor_name" : "OpenSSL"
}
]
}
} ,
"credit" : [
{
"lang" : "eng" ,
"value" : "Bernd Edlinger"
}
] ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
}
]
} ,
"impact" : [
{
"lang" : "eng" ,
"url" : "https://www.openssl.org/policies/secpolicy.html#High" ,
"value" : "High"
}
] ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "NULL pointer dereference"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "FREEBSD" ,
"name" : "FreeBSD-SA-20:11" ,
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
} ,
{
"refsource" : "DEBIAN" ,
"name" : "DSA-4661" ,
"url" : "https://www.debian.org/security/2020/dsa-4661"
} ,
{
"refsource" : "MLIST" ,
"name" : "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain" ,
"url" : "http://www.openwall.com/lists/oss-security/2020/04/22/2"
} ,
{
"refsource" : "MLIST" ,
"name" : "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?" ,
"url" : "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?" ,
"url" : "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E"
} ,
{
"refsource" : "MLIST" ,
"name" : "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?" ,
"url" : "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E"
} ,
{
"refsource" : "GENTOO" ,
"name" : "GLSA-202004-10" ,
"url" : "https://security.gentoo.org/glsa/202004-10"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2020-fcc91a28e8" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2020-da2d1ef2d7" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
} ,
{
"refsource" : "FULLDISC" ,
"name" : "20200501 CVE-2020-1967: proving sigalg != NULL" ,
"url" : "http://seclists.org/fulldisclosure/2020/May/5"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2020-d7b29838f6" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2020:0933" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2020:0945" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpujul2020.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujul2020.html"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.tenable.com/security/tns-2020-03" ,
"url" : "https://www.tenable.com/security/tns-2020-03"
} ,
{
"name" : "https://www.openssl.org/news/secadv/20200421.txt" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.openssl.org/news/secadv/20200421.txt"
} ,
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1" ,
"refsource" : "CONFIRM" ,
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440" ,
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://security.netapp.com/advisory/ntap-20200424-0003/" ,
"url" : "https://security.netapp.com/advisory/ntap-20200424-0003/"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL" ,
"url" : "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
} ,
{
"refsource" : "MISC" ,
"name" : "https://github.com/irsl/CVE-2020-1967" ,
"url" : "https://github.com/irsl/CVE-2020-1967"
} ,
{
"refsource" : "MISC" ,
"name" : "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html" ,
"url" : "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.synology.com/security/advisory/Synology_SA_20_05" ,
"url" : "https://www.synology.com/security/advisory/Synology_SA_20_05"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.tenable.com/security/tns-2020-04" ,
"url" : "https://www.tenable.com/security/tns-2020-04"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpuoct2020.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuoct2020.html"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://security.netapp.com/advisory/ntap-20200717-0004/" ,
"url" : "https://security.netapp.com/advisory/ntap-20200717-0004/"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpujan2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujan2021.html"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.tenable.com/security/tns-2020-11" ,
"url" : "https://www.tenable.com/security/tns-2020-11"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpuApr2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuApr2021.html"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.tenable.com/security/tns-2021-10" ,
"url" : "https://www.tenable.com/security/tns-2021-10"
} ,
{
"url" : "https://www.oracle.com//security-alerts/cpujul2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com//security-alerts/cpujul2021.html"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpuoct2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}