Segmentation fault in SSL_check_chain
Description
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference, caused by incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenSSL TLS 1.3 NULL pointer dereference via crafted signature_algorithms_cert extension leads to denial of service in versions 1.1.1d-1.1.1f.
Vulnerability
CVE-2020-1967 is a NULL pointer dereference in OpenSSL's SSL_check_chain() function during a TLS 1.3 handshake. The flaw arises from incorrect handling of the signature_algorithms_cert extension when an invalid or unrecognized signature algorithm is received from the peer [1]. This affects OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f [1].
Exploitation
A malicious peer sends a crafted TLS 1.3 ClientHello or ServerHello containing a malformed signature_algorithms_cert extension. The crash occurs if the server or client calls SSL_check_chain() during or after the handshake. Notably, popular web servers like Apache httpd and Nginx do not invoke this function, limiting the attack surface to custom applications or specific configurations [4]. A proof-of-concept exploit is publicly available [4].
Impact
Successful exploitation allows a remote, unauthenticated attacker to cause a denial of service (DoS) by crashing the peer application [3]. The vulnerability does not lead to data compromise or privilege escalation.
Mitigation
The issue is fixed in OpenSSL 1.1.1g [1]. Users should upgrade immediately. No workaround exists [3]. FreeBSD systems are patched in FreeBSD-SA-20:11.openssl [3].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openssl-src (crates.io) | >= 111.6.0, < 111.9.0 | 111.9.0 |
Affected products
23 OSV coordinates (22 package version ranges plus the upstream OpenSSL range). None of the package entries carries a CPE.

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/mysql-8.0 | < 8.0.38-r0 |
| pkg:apk/chainguard/mysql-8.0-bitnami-compat | < 8.0.38-r0 |
| pkg:apk/chainguard/mysql-8.0-client | < 8.0.38-r0 |
| pkg:apk/chainguard/mysql-8.0-dev | < 8.0.38-r0 |
| pkg:apk/chainguard/mysql-8.0-iamguarded-compat | < 8.0.38-r0 |
| pkg:apk/chainguard/mysql-8.0-oci-entrypoint | < 8.0.38-r0 |
| pkg:apk/chainguard/mysql-8.0-oci-entrypoint-compat | < 8.0.38-r0 |
| pkg:cargo/openssl-src | >= 111.6.0, < 111.9.0 |
| pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed | < 1.1.1l-1.2 |
| pkg:rpm/opensuse/rust1.53&distro=openSUSE%20Tumbleweed | < 1.53.0-2.5 |
| pkg:rpm/opensuse/rust-cbindgen&distro=openSUSE%20Leap%2015.1 | < 0.14.1-lp151.8.2 |
| pkg:rpm/opensuse/rust-cbindgen&distro=openSUSE%20Leap%2015.2 | < 0.14.1-lp152.2.4.1 |
| pkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.1 | < 1.43.1-lp151.5.13.1 |
| pkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.2 | < 1.43.1-lp152.3.5.1 |
| pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 | < 1.1.1d-2.23.1 |
| pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 | < 1.1.1d-2.23.1 |
| pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 | < 1.1.1d-2.23.1 |
| pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 | < 1.1.1d-2.23.1 |
| pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 | < 1.1.1d-2.23.1 |
| pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 | < 1.1.1d-2.23.1 |
| pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 | < 1.43.1-12.1 |
| pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 | < 1.43.1-12.1 |

- Upstream OpenSSL range: Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html (ghsa; vendor-advisory; x_refsource_SUSE; WEB)
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html (ghsa; vendor-advisory; x_refsource_SUSE; WEB)
- github.com/advisories/GHSA-jq65-29v4-4x35 (ghsa; ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ (mitre; vendor-advisory; x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ (mitre; vendor-advisory; x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ (mitre; vendor-advisory; x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2020-1967 (ghsa; ADVISORY)
- security.freebsd.org/advisories/FreeBSD-SA-20:11.openssl.asc (ghsa; vendor-advisory; x_refsource_FREEBSD; WEB)
- security.gentoo.org/glsa/202004-10 (ghsa; vendor-advisory; x_refsource_GENTOO; WEB)
- www.debian.org/security/2020/dsa-4661 (ghsa; vendor-advisory; x_refsource_DEBIAN; WEB)
- packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html (ghsa; x_refsource_MISC; WEB)
- seclists.org/fulldisclosure/2020/May/5 (ghsa; mailing-list; x_refsource_FULLDISC; WEB)
- www.openwall.com/lists/oss-security/2020/04/22/2 (ghsa; mailing-list; x_refsource_MLIST; WEB)
- git.openssl.org/gitweb/ (mitre; x_refsource_CONFIRM)
- git.openssl.org/gitweb/ (ghsa; WEB)
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 (ghsa; x_refsource_CONFIRM; WEB)
- lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E (mitre; mailing-list; x_refsource_MLIST)
- lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E (ghsa; WEB)
- lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E (mitre; mailing-list; x_refsource_MLIST)
- lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E (ghsa; WEB)
- lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E (mitre; mailing-list; x_refsource_MLIST)
- lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO (ghsa; WEB)
- rustsec.org/advisories/RUSTSEC-2020-0015.html (ghsa; WEB)
- security.netapp.com/advisory/ntap-20200424-0003 (ghsa; WEB)
- security.netapp.com/advisory/ntap-20200424-0003/ (mitre; x_refsource_CONFIRM)
- security.netapp.com/advisory/ntap-20200717-0004 (ghsa; WEB)
- security.netapp.com/advisory/ntap-20200717-0004/ (mitre; x_refsource_CONFIRM)
- www.openssl.org/news/secadv/20200421.txt (ghsa; x_refsource_CONFIRM; WEB)
- www.oracle.com//security-alerts/cpujul2021.html (ghsa; x_refsource_MISC; WEB)
- www.oracle.com/security-alerts/cpuApr2021.html (ghsa; x_refsource_MISC; WEB)
- www.oracle.com/security-alerts/cpujan2021.html (ghsa; x_refsource_MISC; WEB)
- www.oracle.com/security-alerts/cpujul2020.html (ghsa; x_refsource_MISC; WEB)
- www.oracle.com/security-alerts/cpuoct2020.html (ghsa; x_refsource_MISC; WEB)
- www.oracle.com/security-alerts/cpuoct2021.html (ghsa; x_refsource_MISC; WEB)
- www.synology.com/security/advisory/Synology_SA_20_05 (ghsa; x_refsource_CONFIRM; WEB)
- www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL (ghsa; x_refsource_CONFIRM; WEB)
- www.tenable.com/security/tns-2020-03 (ghsa; x_refsource_CONFIRM; WEB)
- www.tenable.com/security/tns-2020-04 (ghsa; x_refsource_CONFIRM; WEB)
- www.tenable.com/security/tns-2020-11 (ghsa; x_refsource_CONFIRM; WEB)
- www.tenable.com/security/tns-2021-10 (ghsa; x_refsource_CONFIRM; WEB)
News mentions
No linked articles in our index yet.