High severity7.5NVD Advisory· Published Apr 21, 2020· Updated Jun 17, 2026
CVE-2020-1967
CVE-2020-1967
Description
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | >= 111.6.0, < 111.9.0 | 111.9.0 |
Affected products
23- osv-coords22 versionspkg:apk/chainguard/mysql-8.0pkg:apk/chainguard/mysql-8.0-bitnami-compatpkg:apk/chainguard/mysql-8.0-clientpkg:apk/chainguard/mysql-8.0-devpkg:apk/chainguard/mysql-8.0-iamguarded-compatpkg:apk/chainguard/mysql-8.0-oci-entrypointpkg:apk/chainguard/mysql-8.0-oci-entrypoint-compatpkg:cargo/openssl-srcpkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust1.53&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust-cbindgen&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/rust-cbindgen&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
< 8.0.38-r0+ 21 more
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: >= 111.6.0, < 111.9.0
- (no CPE)range: < 1.1.1l-1.2
- (no CPE)range: < 1.53.0-2.5
- (no CPE)range: < 0.14.1-lp151.8.2
- (no CPE)range: < 0.14.1-lp152.2.4.1
- (no CPE)range: < 1.43.1-lp151.5.13.1
- (no CPE)range: < 1.43.1-lp152.3.5.1
- (no CPE)range: < 1.1.1d-2.23.1
- (no CPE)range: < 1.1.1d-2.23.1
- (no CPE)range: < 1.1.1d-2.23.1
- (no CPE)range: < 1.1.1d-2.23.1
- (no CPE)range: < 1.1.1d-2.23.1
- (no CPE)range: < 1.1.1d-2.23.1
- (no CPE)range: < 1.43.1-12.1
- (no CPE)range: < 1.43.1-12.1
- Range: Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)
Patches
Vulnerability mechanics
References
43- security.freebsd.org/advisories/FreeBSD-SA-20:11.openssl.ascnvdPatchThird Party AdvisoryWEB
- www.oracle.com//security-alerts/cpujul2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujan2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.htmlnvdMailing ListThird Party AdvisoryWEB
- packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.htmlnvdThird Party AdvisoryVDB EntryWEB
- seclists.org/fulldisclosure/2020/May/5nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2020/04/22/2nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-jq65-29v4-4x35ghsaADVISORY
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-1967ghsaADVISORY
- security.gentoo.org/glsa/202004-10nvdThird Party AdvisoryWEB
- security.netapp.com/advisory/ntap-20200424-0003/nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20200717-0004/nvdThird Party Advisory
- www.debian.org/security/2020/dsa-4661nvdThird Party AdvisoryWEB
- www.openssl.org/news/secadv/20200421.txtnvdVendor AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2020.htmlnvdThird Party AdvisoryWEB
- www.synology.com/security/advisory/Synology_SA_20_05nvdThird Party AdvisoryWEB
- www.synology.com/security/advisory/Synology_SA_20_05_OpenSSLnvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2020-03nvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2020-04nvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2020-11nvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2021-10nvdThird Party AdvisoryWEB
- git.openssl.org/gitweb/ghsaWEB
- lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONYghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCDghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SOghsaWEB
- rustsec.org/advisories/RUSTSEC-2020-0015.htmlghsaWEB
- security.netapp.com/advisory/ntap-20200424-0003ghsaWEB
- security.netapp.com/advisory/ntap-20200717-0004ghsaWEB
- git.openssl.org/gitweb/nvd
- lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3Envd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/nvd
News mentions
0No linked articles in our index yet.