CVE-2020-1967— Openssl OpenSSL 代码问题漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2020-1967 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Segmentation fault in SSL_check_chain
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Openssl OpenSSL 代码问题漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.1.1d版本、1.1.1e版本和1.1.1f版本中的‘SSL_check_chain()’函数存在代码问题漏洞。远程攻击者可利用该漏洞导致服务器或客户端应用程序崩溃。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2020-1967 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) | https://github.com/irsl/CVE-2020-1967 | POC详情 |
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2020-1967 的情报信息
请登录查看更多情报信息。
CVE-2020-1967 厂商安全公告 (10)
- https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
- https://www.openssl.org/news/secadv/20200421.txtx_refsource_CONFIRM
- https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
- https://security.netapp.com/advisory/ntap-20200424-0003/x_refsource_CONFIRM
- https://security.netapp.com/advisory/ntap-20200717-0004/x_refsource_CONFIRM
CVE-2020-1967 公开利用代码 (1)
CVE-2020-1967 邮件列表归档 (10)
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.htmlvendor-advisoryx_refsource_SUSE
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/vendor-advisoryx_refsource_FEDORA
CVE-2020-1967 其他参考 (10)
- https://www.tenable.com/security/tns-2020-04x_refsource_CONFIRM
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440x_refsource_CONFIRM
- https://www.synology.com/security/advisory/Synology_SA_20_05x_refsource_CONFIRM
- https://www.tenable.com/security/tns-2021-10x_refsource_CONFIRM
- https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSLx_refsource_CONFIRM
- https://www.tenable.com/security/tns-2020-11x_refsource_CONFIRM
- https://www.tenable.com/security/tns-2020-03x_refsource_CONFIRM
- https://github.com/irsl/CVE-2020-1967x_refsource_MISC
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.ascvendor-advisoryx_refsource_FREEBSD
IV. Related Vulnerabilities
V. Comments for CVE-2020-1967
暂无评论