Reported

April 25, 2020

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

openssl-src (crates.io)

Type

Vulnerability

Categories

• denial-of-service

Aliases

• CVE-2020-1967
• GHSA-jq65-29v4-4x35

References

• https://www.openssl.org/news/secadv/20200421.txt

CVSS Score

7.5 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

None

Integrity Impact

None

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Patched

• >=111.9

Unaffected

• <111.6

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.

Advisory available under CC0-1.0 license.