Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
OpenSSL server or client applications are prone to a denial-of-service vulnerability.
Insight
Insight
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer.
Affected Software
Affected Software
OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f. This issue does not impact OpenSSL versions prior to 1.1.1d.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update OpenSSL to version 1.1.1g or later. See the references for more details.