Home

CVE-2020-1967

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the signature_algorithms_cert TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
64.688

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mysql 5.6.21Windows
Multiple vulnerabilities affected in Mysql 5.6.22Windows
Multiple vulnerabilities affected in Mysql 5.6.23Windows
Multiple vulnerabilities affected in Mysql 5.6.24Windows
Multiple vulnerabilities affected in Mysql 5.6.25Windows
Multiple vulnerabilities affected in Mysql 5.6.26Windows
Multiple vulnerabilities affected in Mysql 5.6.35Windows
Multiple vulnerabilities affected in Mysql 5.6.9Windows
Multiple Vulnerabilities are affected in Mysql 8.0.20Windows
Multiple Vulnerabilities are affected in Mysql 8.0.5Windows
Multiple Vulnerabilities are affected in OpenSSL 1.1.1Windows
Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Nessus Agent (8.2.2.20039)Windows
Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Nessus Agent (x64) (8.2.2.20039)Windows
Vulnerabilities CVE-2019-1551,CVE-2020-1967 are fixed in Nessus Agent 7.6.3Windows
Vulnerabilities CVE-2020-14539,CVE-2020-14559,CVE-2020-1967 are affected in Mysql 5.6.48Windows
Multiple vulnerabilities are affected in Mysql 5.7.30Windows
Vulnerabilities CVE-2020-1730,CVE-2020-1967 are affected in MySQL Workbench Enterprise Edition 8.0.21Windows
Vulnerabilities CVE-2020-1730,CVE-2020-1967 are affected in MySQL Workbench CE (x64) 8.0.21Windows
Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Nessus 8.13.1Windows
Vulnerabilities CVE-2020-1967 are fixed in Nessus 5.11.1Windows
Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Tenable Nessus 8.13.1Windows
Vulnerabilities CVE-2020-1967 are fixed in Tenable Nessus 5.11.1Windows
Multiple Vulnerabilities are affected in Netapp Snapcenter -Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation -Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight -Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3Windows
Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.58Windows
openssl security update(DSA-4661-1) openssl_1.1.1d-0+deb10u3_i386.debLinux
openssl security update(DSA-4661-1) openssl_1.1.1d-0+deb10u3_amd64.debLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_1-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-1.1.1d-2.23.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_1-32bit-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-32bit-1.1.1d-2.23.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_1-debuginfo-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-1.1.1d-2.23.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_1-debuginfo-32bit-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-32bit-1.1.1d-2.23.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) openssl-1_1-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debuginfo-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) openssl-1_1-debuginfo-1.1.1d-2.23.1.x86_64_SP4.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debugsource-1.1.1d-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1058-1(SUSE Linux Enterprise Server 12-SP4 ) openssl-1_1-debugsource-1.1.1d-2.23.1.x86_64_SP4.rpmLinux
Multiple vulnerabilities affected in Mysql 5.6.21 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.22 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.23 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.24 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.25 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.26 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.35 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.9 (For Linux)Linux
Multiple Vulnerabilities are affected in Mysql 8.0.5 (For Linux)Linux
NULL Pointer Dereference Vulnerability (CVE-2020-1967)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-337447Nessus Agent (10.6.1)
PATCH-337448Nessus Agent (x64) (10.6.1)
PATCH-337447Nessus Agent (10.6.1)
PATCH-347137MySQL Workbench CE (x64) (8.0.42)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234