ID

VAR-202004-2205


CVE

CVE-2020-1967


TITLE

NULL pointer dereference vulnerability in OpenSSL

Trust: 0.8

sources: JVNDB: JVNDB-2020-003713

DESCRIPTION

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

OpenSSL contains a NULL pointer dereference vulnerability (CWE-476). The OpenSSL Project has published OpenSSL Security Advisory [21 April 2020]. Severity: HIGH. Segmentation fault in SSL_check_chain (CVE-2020-1967): because a NULL pointer dereference occurs when the TLS 1.3 signature_algorithms_cert extension is processed, a server or client application may crash when the SSL_check_chain() function is executed during or after the handshake. A remote third party could cause a denial of service (DoS) by sending a specially crafted message.

The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A remote attacker could exploit this vulnerability to crash the server or client application.

Gentoo Linux Security Advisory GLSA 202004-10
https://security.gentoo.org/

Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: April 23, 2020
Bugs: #702176, #717442
ID: 202004-10

Synopsis
========

Multiple vulnerabilities were found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl            < 1.1.1g                    >= 1.1.1g

Description
===========

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could perform a malicious crafted TLS 1.3 handshake against an application using OpenSSL, possibly resulting in a Denial of Service condition. In addition, it's feasible that an attacker might attack DH512.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1g"

References
==========

[ 1 ] CVE-2019-1551
      https://nvd.nist.gov/vuln/detail/CVE-2019-1551
[ 2 ] CVE-2020-1967
      https://nvd.nist.gov/vuln/detail/CVE-2020-1967

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202004-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

The oldstable distribution (stretch) is not affected.

For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u3.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

It was found using the new static analysis pass being implemented in GCC, -fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin Kaduk.

Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html

This issue did not affect OpenSSL 1.1.0 however these versions are out of support and no longer receiving updates.

References
==========

URL for this Security Advisory: https://www.openssl.org/news/secadv/20200421.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Trust: 2.07

sources: NVD: CVE-2020-1967 // JVNDB: JVNDB-2020-003713 // VULHUB: VHN-173071 // VULMON: CVE-2020-1967 // PACKETSTORM: 157365 // PACKETSTORM: 168793 // PACKETSTORM: 169658

AFFECTED PRODUCTS

vendor: fedoraproject // model: fedora // scope: eq // version: 32

Trust: 1.0

vendor: oracle // model: mysql enterprise monitor // scope: gte // version: 8.0.0

Trust: 1.0

vendor: oracle // model: enterprise manager for storage management // scope: eq // version: 13.4.0.0

Trust: 1.0

vendor: oracle // model: enterprise manager for storage management // scope: eq // version: 13.3.0.0

Trust: 1.0

vendor: oracle // model: application server // scope: eq // version: 12.1.3

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 30

Trust: 1.0

vendor: oracle // model: jd edwards world security // scope: eq // version: a9.4

Trust: 1.0

vendor: oracle // model: mysql // scope: lte // version: 5.7.30

Trust: 1.0

vendor: oracle // model: enterprise manager ops center // scope: eq // version: 12.4.0

Trust: 1.0

vendor: netapp // model: oncommand workflow automation // scope: eq // version: -

Trust: 1.0

vendor: freebsd // model: freebsd // scope: eq // version: 12.1

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 31

Trust: 1.0

vendor: oracle // model: enterprise manager base platform // scope: eq // version: 13.4.0.0

Trust: 1.0

vendor: oracle // model: mysql // scope: gte // version: 8.0.0

Trust: 1.0

vendor: broadcom // model: fabric operating system // scope: eq // version: -

Trust: 1.0

vendor: opensuse // model: leap // scope: eq // version: 15.2

Trust: 1.0

vendor: netapp // model: smi-s provider // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: active iq unified manager // scope: gte // version: 9.5

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 10.0

Trust: 1.0

vendor: oracle // model: mysql connectors // scope: lte // version: 8.0.20

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.56

Trust: 1.0

vendor: netapp // model: oncommand insight // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: active iq unified manager // scope: gte // version: 7.3

Trust: 1.0

vendor: netapp // model: snapcenter // scope: eq // version: -

Trust: 1.0

vendor: jdedwards // model: enterpriseone // scope: lt // version: 9.2.5.0

Trust: 1.0

vendor: oracle // model: mysql enterprise monitor // scope: lte // version: 4.0.12

Trust: 1.0

vendor: opensuse // model: leap // scope: eq // version: 15.1

Trust: 1.0

vendor: netapp // model: e-series performance analyzer // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.57

Trust: 1.0

vendor: netapp // model: steelstore cloud integrated storage // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: mysql enterprise monitor // scope: lte // version: 8.0.20

Trust: 1.0

vendor: openssl // model: openssl // scope: lte // version: 1.1.1f

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.58

Trust: 1.0

vendor: oracle // model: mysql // scope: gte // version: 5.7.0

Trust: 1.0

vendor: tenable // model: log correlation engine // scope: lt // version: 6.0.9

Trust: 1.0

vendor: oracle // model: http server // scope: eq // version: 12.2.1.4.0

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.59

Trust: 1.0

vendor: oracle // model: mysql // scope: lte // version: 5.6.48

Trust: 1.0

vendor: openssl // model: openssl // scope: gte // version: 1.1.1d

Trust: 1.0

vendor: oracle // model: mysql // scope: lte // version: 8.0.20

Trust: 1.0

vendor: oracle // model: mysql workbench // scope: lte // version: 8.0.21

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 9.0

Trust: 1.0

vendor: openssl // model: openssl // scope: - // version: -

Trust: 0.8

vendor: Hitachi // model: Hitachi Advanced Server HA8000 series // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-003713 // NVD: CVE-2020-1967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1967
value: HIGH

Trust: 1.0

NVD: CVE-2020-1967
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1790
value: HIGH

Trust: 0.6

VULHUB: VHN-173071
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1967
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1967
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-173071
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1967
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-1967
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-173071 // VULMON: CVE-2020-1967 // JVNDB: JVNDB-2020-003713 // CNNVD: CNNVD-202004-1790 // NVD: CVE-2020-1967

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:NULL Pointer dereference (CWE-476) [JPCERT/CC evaluation]

Trust: 0.8

sources: VULHUB: VHN-173071 // JVNDB: JVNDB-2020-003713 // NVD: CVE-2020-1967

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 157365 // CNNVD: CNNVD-202004-1790

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-1790

PATCH

title: NV22-002 Hitachi Server / Client Product Security Information
url: https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1

Trust: 0.8

title: OpenSSL Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116271

Trust: 0.6

title: The Register
url: https://www.theregister.co.uk/2020/04/23/gcc_openssl_vulnerability/

Trust: 0.2

title: Debian Security Advisories: DSA-4661-1 openssl -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=4173cc0125cd07aebab9bc8365a85a63

Trust: 0.1

title: Arch Linux Advisories: [ASA-202004-18] openssl: denial of service
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202004-18

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-1967 log

Trust: 0.1

title: Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-04

Trust: 0.1

title: Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-11

Trust: 0.1

title: Tenable Security Advisories: [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-03

Trust: 0.1

title: Tenable Security Advisories: [R1] Nessus Agent 8.2.2 Fixes Multiple Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-13

Trust: 0.1

title: Tenable Security Advisories: [R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-12

Trust: 0.1

title: Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10

Trust: 0.1

title: CVE-2020-1967
url: https://github.com/irsl/CVE-2020-1967

Trust: 0.1

title: sheldon-cross
url: https://github.com/rossmacarthur/sheldon-cross

Trust: 0.1

title: -
url: https://github.com/snigdhasambitak/cks

Trust: 0.1

title: misc
url: https://github.com/dragon7-fc/misc

Trust: 0.1

title: -
url: https://github.com/omnibor/bomsh

Trust: 0.1

title: tekton-image-scan-trivy
url: https://github.com/vinamra28/tekton-image-scan-trivy

Trust: 0.1

title: TASSL-1.1.1k
url: https://github.com/jntass/TASSL-1.1.1k

Trust: 0.1

title: -
url: https://github.com/scholarnishu/Trivy-by-AquaSecurity

Trust: 0.1

title: -
url: https://github.com/fredrkl/trivy-demo

Trust: 0.1

title: github_aquasecurity_trivy
url: https://github.com/back8/github_aquasecurity_trivy

Trust: 0.1

title: security
url: https://github.com/umahari/security

Trust: 0.1

title: -
url: https://github.com/Mohzeela/external-secret

Trust: 0.1

title: Vulnerability-Scanner-for-Containers
url: https://github.com/t31m0/Vulnerability-Scanner-for-Containers

Trust: 0.1

title: trivy
url: https://github.com/aquasecurity/trivy

Trust: 0.1

title: trivy
url: https://github.com/knqyf263/trivy

Trust: 0.1

title: trivy
url: https://github.com/siddharthraopotukuchi/trivy

Trust: 0.1

title: snykout
url: https://github.com/garethr/snykout

Trust: 0.1

title: -
url: https://github.com/aravindb26/new.txt

Trust: 0.1

title: -
url: https://github.com/soosmile/POC

Trust: 0.1

title: PoC
url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: PoC-in-GitHub
url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: CVE-POC
url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub
url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub
url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-1967 // JVNDB: JVNDB-2020-003713 // CNNVD: CNNVD-202004-1790

EXTERNAL IDS

db: NVD // id: CVE-2020-1967

Trust: 3.7

db: PULSESECURE // id: SA44440

Trust: 1.8

db: PACKETSTORM // id: 157527

Trust: 1.8

db: OPENWALL // id: OSS-SECURITY/2020/04/22/2

Trust: 1.8

db: TENABLE // id: TNS-2020-04

Trust: 1.8

db: TENABLE // id: TNS-2020-11

Trust: 1.8

db: TENABLE // id: TNS-2021-10

Trust: 1.8

db: TENABLE // id: TNS-2020-03

Trust: 1.8

db: ICS CERT // id: ICSA-24-046-02

Trust: 0.8

db: JVN // id: JVNVU91198149

Trust: 0.8

db: JVN // id: JVNVU97087254

Trust: 0.8

db: JVNDB // id: JVNDB-2020-003713

Trust: 0.8

db: CNNVD // id: CNNVD-202004-1790

Trust: 0.7

db: PACKETSTORM // id: 157365

Trust: 0.7

db: PACKETSTORM // id: 157324

Trust: 0.6

db: AUSCERT // id: ESB-2021.0319

Trust: 0.6

db: AUSCERT // id: ESB-2020.1392

Trust: 0.6

db: AUSCERT // id: ESB-2020.2551

Trust: 0.6

db: AUSCERT // id: ESB-2020.1381

Trust: 0.6

db: AUSCERT // id: ESB-2020.1564

Trust: 0.6

db: AUSCERT // id: ESB-2021.1916

Trust: 0.6

db: AUSCERT // id: ESB-2020.3729

Trust: 0.6

db: NSFOCUS // id: 47020

Trust: 0.6

db: VULHUB // id: VHN-173071

Trust: 0.1

db: VULMON // id: CVE-2020-1967

Trust: 0.1

db: PACKETSTORM // id: 168793

Trust: 0.1

db: PACKETSTORM // id: 169658

Trust: 0.1

sources: VULHUB: VHN-173071 // VULMON: CVE-2020-1967 // JVNDB: JVNDB-2020-003713 // PACKETSTORM: 157365 // PACKETSTORM: 168793 // PACKETSTORM: 169658 // CNNVD: CNNVD-202004-1790 // NVD: CVE-2020-1967

REFERENCES

url:http://packetstormsecurity.com/files/157527/openssl-signature_algorithms_cert-denial-of-service.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://www.openssl.org/news/secadv/20200421.txt

Trust: 1.9

url:https://www.debian.org/security/2020/dsa-4661

Trust: 1.9

url:https://security.gentoo.org/glsa/202004-10

Trust: 1.9

url:https://github.com/irsl/cve-2020-1967

Trust: 1.9

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44440

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200424-0003/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200717-0004/

Trust: 1.8

url:https://www.synology.com/security/advisory/synology_sa_20_05

Trust: 1.8

url:https://www.synology.com/security/advisory/synology_sa_20_05_openssl

Trust: 1.8

url:https://www.tenable.com/security/tns-2020-03

Trust: 1.8

url:https://www.tenable.com/security/tns-2020-04

Trust: 1.8

url:https://www.tenable.com/security/tns-2020-11

Trust: 1.8

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.8

url:https://security.freebsd.org/advisories/freebsd-sa-20:11.openssl.asc

Trust: 1.8

url:http://seclists.org/fulldisclosure/2020/may/5

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2020/04/22/2

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1967

Trust: 1.7

url:https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xvep3lak4jsprxfo4qf4gg2ivxadv3so/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ddhoaatpwjcxrnfmj2sasdbbnu5rjony/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/exddaowsaiefqnbhwye6ppyfv4qxgmcd/

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=eb563247aef3e83dda7679c43f9649270462e5b1

Trust: 1.1

url:https://jvn.jp/vu/jvnvu97087254/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91198149/index.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2020/at200018.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-02

Trust: 0.8

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/exddaowsaiefqnbhwye6ppyfv4qxgmcd/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ddhoaatpwjcxrnfmj2sasdbbnu5rjony/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xvep3lak4jsprxfo4qf4gg2ivxadv3so/

Trust: 0.7

url:https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3729/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-1967

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-spectrum-control-cve-2020-1967-cve-2019-1551/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0319/

Trust: 0.6

url:https://packetstormsecurity.com/files/157365/gentoo-linux-security-advisory-202004-10.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1967/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnerability-affects-messagegatweay-cve-2020-1967/

Trust: 0.6

url:https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-ssl-check-chain-32076

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1392/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1564/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1916

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-01-openssl-cn

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2551/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2020-1967/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1381/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47020

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/

Trust: 0.6

url:https://packetstormsecurity.com/files/157324/openssl-toolkit-1.1.1g.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/476.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1551

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl

Trust: 0.1

url:https://www.openssl.org/support/contracts.html

Trust: 0.1

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.1

sources: VULHUB: VHN-173071 // VULMON: CVE-2020-1967 // JVNDB: JVNDB-2020-003713 // PACKETSTORM: 157365 // PACKETSTORM: 168793 // PACKETSTORM: 169658 // CNNVD: CNNVD-202004-1790 // NVD: CVE-2020-1967

CREDITS

Imre Rad

Trust: 0.6

sources: CNNVD: CNNVD-202004-1790

SOURCES

db: VULHUB // id: VHN-173071
db: VULMON // id: CVE-2020-1967
db: JVNDB // id: JVNDB-2020-003713
db: PACKETSTORM // id: 157365
db: PACKETSTORM // id: 168793
db: PACKETSTORM // id: 169658
db: CNNVD // id: CNNVD-202004-1790
db: NVD // id: CVE-2020-1967

LAST UPDATE DATE

2024-08-14T13:11:34.167000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-173071 // date: 2021-12-10T00:00:00
db: VULMON // id: CVE-2020-1967 // date: 2023-11-07T00:00:00
db: JVNDB // id: JVNDB-2020-003713 // date: 2024-02-19T05:59:00
db: CNNVD // id: CNNVD-202004-1790 // date: 2021-10-21T00:00:00
db: NVD // id: CVE-2020-1967 // date: 2023-11-07T03:19:39.090

SOURCES RELEASE DATE

db: VULHUB // id: VHN-173071 // date: 2020-04-21T00:00:00
db: VULMON // id: CVE-2020-1967 // date: 2020-04-21T00:00:00
db: JVNDB // id: JVNDB-2020-003713 // date: 2020-04-23T00:00:00
db: PACKETSTORM // id: 157365 // date: 2020-04-23T19:28:42
db: PACKETSTORM // id: 168793 // date: 2020-04-28T19:12:00
db: PACKETSTORM // id: 169658 // date: 2020-04-21T12:12:12
db: CNNVD // id: CNNVD-202004-1790 // date: 2020-04-21T00:00:00
db: NVD // id: CVE-2020-1967 // date: 2020-04-21T14:15:11.287