7.5
CVE-2020-1967
- EPSS 66.69%
- Published 21.04.2020 14:15:11
- Last modified 21.11.2024 05:11:45
- Source openssl-security@openssl.org
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version 9.0
Debian ≫ Debian Linux Version 10.0
Fedoraproject ≫ Fedora Version 30
Fedoraproject ≫ Fedora Version 31
Fedoraproject ≫ Fedora Version 32
Oracle ≫ Application Server Version 12.1.3
Oracle ≫ Enterprise Manager Base Platform Version 13.4.0.0
Oracle ≫ Enterprise Manager For Storage Management Version 13.3.0.0
Oracle ≫ Enterprise Manager For Storage Management Version 13.4.0.0
Oracle ≫ Enterprise Manager Ops Center Version 12.4.0
Oracle ≫ HTTP Server Version 12.2.1.4.0
Oracle ≫ Jd Edwards World Security Version a9.4
Oracle ≫ Mysql Connectors Version <= 8.0.20
Oracle ≫ Mysql Enterprise Monitor Version <= 4.0.12
Oracle ≫ Mysql Enterprise Monitor Version >= 8.0.0 <= 8.0.20
Oracle ≫ Mysql Workbench Version <= 8.0.21
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.59
Netapp ≫ Active Iq Unified Manager SwPlatform windows Version >= 7.3
Netapp ≫ Active Iq Unified Manager SwPlatform vmware_vsphere Version >= 9.5
Netapp ≫ E-series Performance Analyzer Version -
Netapp ≫ Oncommand Insight Version -
Netapp ≫ Oncommand Workflow Automation Version -
Netapp ≫ Smi-s Provider Version -
Netapp ≫ Snapcenter Version -
Netapp ≫ Steelstore Cloud Integrated Storage Version -
Broadcom ≫ Fabric Operating System Version -
Jdedwards ≫ Enterpriseone Version < 9.2.5.0
Tenable ≫ Log Correlation Engine Version < 6.0.9
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 66.69% | 0.985 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.