Scan for free your assets for this vulnerability
Download Mageni to scan your assets for this plus 99,432 more vulnerabilities. It is free to get started and can be installed in Windows, macOS and Linux.
OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
OpenSSL server or client applications are prone to a denial-of-service vulnerability.
Insight
Insight
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer.
Affected Software
Affected Software
OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f. This issue does not impact OpenSSL versions prior to 1.1.1d.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update OpenSSL to version 1.1.1g or later. See the references for more details.
Common Vulnerabilities and Exposures (CVE)
Know your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.
Get Started for Free