ID

VAR-202004-2205

CVE

CVE-2020-1967

TITLE

OpenSSL  In  NULL  Pointer reference vulnerability

DESCRIPTION

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). OpenSSL for, NULL Pointer reference vulnerability (CWE-476) exists. OpenSSL Project Than, OpenSSL Security Advisory [21 April 2020] Has been published. Severity - high (Severity: HIGH)SSL_check_chain Segmentation violation in function - CVE-2020-1967TLS 1.3 of signature_algorithms_cert When processing extensions NULL Because pointer reference occurs, communication after handshake SSL_check_chain() The server or client application may crash when the function is executed.Denial of service by receiving a specially crafted message by a remote third party (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A remote attacker could exploit this vulnerability to crash the server or client application. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202004-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: April 23, 2020 Bugs: #702176, #717442 ID: 202004-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.1.1g >= 1.1.1g Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could perform a malicious crafted TLS 1.3 handshake against an application using OpenSSL, possibly resulting in a Denial of Service condition. In addition, it's feasible that an attacker might attack DH512. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1g" References ========== [ 1 ] CVE-2019-1551 https://nvd.nist.gov/vuln/detail/CVE-2019-1551 [ 2 ] CVE-2020-1967 https://nvd.nist.gov/vuln/detail/CVE-2020-1967 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202004-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u3. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6e+koACgkQEMKTtsN8 TjZYpA//YvGfr9NTErugtCJQ7KwRJGrXeKsYehR/EJXj1wR77f6k4HRc5J9AiLbV HaS+EKOPWS+buQ6MTS4hslwxhNzAlnharrzhSh2RrUZTfYB66+GhiPiilf09iXsG 2xTTqQW2stoOhzo8Qw6cN3SL7avw61moJwcIlFYxZ4wMuAZbLVSUw2Dlnk0LN3UP 4LD5k5sEYzlt57rygNJsFkquwpr5eth3FvCm5WYGorvcEJzhgdTgnerpSD1DYd84 eZczcYXCnnjXKeeJT3TPIgDiNt3eSP5ixQni1+lpR3bGfZHmlr7MwhhttQMvL+o7 lFP+M19/osxkYs9jt69naDxQIo0tHomrVCtBhTPdC6EIUPGMv4sIjLSIcJKWMhfC tax66NcCWrgRn62v60IgY26nWg52ZLezcOZyqUrMfeEzzCT3lQ5vXd7/+23YU689 PKTpXw4eyOEg3wp7kjyS9Xd2xGjwzGzq5jjK4cVwTPCZMhnlQTef7WLoWLwSqHIi pUTDnZZsBZJJ5l8Xp5j2tAwFhUseih1zd0Iz32Jog2YdUFZ4gd280/whDs8Iu9SR ZeD0mpKw0vsBvG6/yDypbOmRCvrhjSgtixx5Z/yiswSP0WGZg2Y+GAl9LVByBY7K JzfXM799tz16MrKVinXPsIAfZTrr6nbrxYuyDwQ4X7iFdJZ6T3g= =RykD -----END PGP SIGNATURE----- . It was found using the new static analysis pass being implemented in GCC, -fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin Kaduk. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html This issue did not affect OpenSSL 1.1.0 however these versions are out of support and no longer receiving updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20200421.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

code problem

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Imre Rad

SOURCES

LAST UPDATE DATE

2024-08-14T13:11:34.167000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE