CVE-2020-1967

Source
https://cve.org/CVERecord?id=CVE-2020-1967
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1967.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1967
Aliases
Downstream
Related
Published
2020-04-21T14:15:11.287Z
Modified
2026-07-08T05:58:40.059969452Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Server or client applications that call the SSLcheckchain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "vendor_product": "jdedwards:enterpriseone",
            "extracted_events": [
                {
                    "fixed": "9.2.5.0"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "7.3"
                },
                {
                    "introduced": "9.5"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "netapp:active_iq_unified_manager",
            "cpes": [
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0.20"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:mysql_connectors",
            "cpes": [
                "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "4.0.12"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.0.20"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:mysql_enterprise_monitor",
            "cpes": [
                "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0.21"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:mysql_workbench",
            "cpes": [
                "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "6.0.9"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "tenable:log_correlation_engine",
            "cpes": [
                "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "9.0"
                },
                {
                    "last_affected": "9.0"
                },
                {
                    "introduced": "10.0"
                },
                {
                    "last_affected": "10.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "debian:debian_linux",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "fedoraproject:fedora",
            "extracted_events": [
                {
                    "introduced": "30"
                },
                {
                    "last_affected": "30"
                },
                {
                    "introduced": "31"
                },
                {
                    "last_affected": "31"
                },
                {
                    "introduced": "32"
                },
                {
                    "last_affected": "32"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.1-NA"
                },
                {
                    "last_affected": "12.1-NA"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "freebsd:freebsd",
            "cpes": [
                "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "15.1"
                },
                {
                    "last_affected": "15.1"
                },
                {
                    "introduced": "15.2"
                },
                {
                    "last_affected": "15.2"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "opensuse:leap",
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:application_server",
            "extracted_events": [
                {
                    "introduced": "12.1.3"
                },
                {
                    "last_affected": "12.1.3"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "13.4.0.0"
                },
                {
                    "last_affected": "13.4.0.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:enterprise_manager_base_platform",
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "13.3.0.0"
                },
                {
                    "last_affected": "13.3.0.0"
                },
                {
                    "introduced": "13.4.0.0"
                },
                {
                    "last_affected": "13.4.0.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:enterprise_manager_for_storage_management",
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.4.0"
                },
                {
                    "last_affected": "12.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:enterprise_manager_ops_center",
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:http_server",
            "cpes": [
                "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "a9.4"
                },
                {
                    "last_affected": "a9.4"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:jd_edwards_world_security",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.56"
                },
                {
                    "last_affected": "8.56"
                },
                {
                    "introduced": "8.57"
                },
                {
                    "last_affected": "8.57"
                },
                {
                    "introduced": "8.58"
                },
                {
                    "last_affected": "8.58"
                },
                {
                    "introduced": "8.59"
                },
                {
                    "last_affected": "8.59"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:peoplesoft_enterprise_peopletools",
            "cpes": [
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Introduced
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.48"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.30"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.20"
        }
    ]
}

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.6.40
mysql-5.6.45
mysql-5.6.47
mysql-5.6.48
mysql-5.7.30
mysql-8.*
mysql-8.0.20
mysql-cluster-8.*
mysql-cluster-8.0.20

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1967.json"

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.1.1d"
        },
        {
            "last_affected": "1.1.1f"
        }
    ]
}

Affected versions

Other
OpenSSL_1_1_1w

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1967.json"