What is CVE-2020-1967?

CVE-2020-1967 is a vulnerability in Openssl. Published 2020-04-21.

Is CVE-2020-1967 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The…

EPSS: 0.608 (98.3th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)

Public proof-of-concept exploits

References

FreeBSD-SA-20:11 (vendor-advisory, x_refsource_FREEBSD)
DSA-4661 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain (mailing-list, x_refsource_MLIST)
[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24? (mailing-list, x_refsource_MLIST)
[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24? (mailing-list, x_refsource_MLIST)
[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24? (mailing-list, x_refsource_MLIST)
GLSA-202004-10 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2020-fcc91a28e8 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-da2d1ef2d7 (vendor-advisory, x_refsource_FEDORA)
20200501 CVE-2020-1967: proving sigalg != NULL (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2020-1967?: CVE-2020-1967 is a vulnerability in Openssl. Published 2020-04-21.
Is CVE-2020-1967 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.