CVE - CVE - 2020 - 1967

CVE-ID
cve - 2020 - 1967	了解更多国家漏洞数据库(NVD) •CVSS严重性评级•修复信息•••CPE SCAP映射脆弱的软件版本信息
描述
服务器或客户端应用程序调用SSL_check_chain()函数或TLS 1.3后握手期间可能会崩溃由于空指针废弃的结果不正确处理“signature_algorithms_cert TLS的扩展。碰撞时如果无效或未收到对方签名算法。这可能是被恶意利用拒绝服务攻击同行。OpenSSL版本1.1.1d、1.1.1e 1.1.1f受到这个问题的影响。这个问题并不影响OpenSSL 1.1.1d之前版本。固定在OpenSSL 1.1.1g (1.1.1d-1.1.1f影响)。
引用
注意:引用为方便读者提供帮助区分漏洞。并不是完整列表。
确认:https://git.openssl.org/gitweb/?p=openssl.git; = commitdiff; h = eb563247aef3e83dda7679c43f9649270462e5b1 URL: https://git.openssl.org/gitweb/?p=openssl.git; = commitdiff; h = eb563247aef3e83dda7679c43f9649270462e5b1 确认:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 确认:https://security.netapp.com/advisory/ntap 0003/——20200424 URL: https://security.netapp.com/advisory/ntap 0003/——20200424 确认:https://security.netapp.com/advisory/ntap 0004/——20200717 URL: https://security.netapp.com/advisory/ntap 0004/——20200717 确认:https://www.openssl.org/news/万博下载包secadv/20200421.txt URL: https://www.openssl.org万博下载包/news/secadv/20200421.txt 确认:https://www.synology.com/security/advisory/Synology_SA_20_05 URL: https://www.synology.com/security/advisory/Synology_SA_20_05 确认:https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL URL: https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL 确认:https://www.tenable.com/security/tns - 2020 - 03 URL: https://www.tenable.com/security/tns——2020 - 03 确认:https://www.tenable.com/security/tns - 2020 - 04 URL: https://www.tenable.com/security/tns——2020 - 04 确认:https://www.tenable.com/security/tns - 2020 - 11所示 URL: https://www.tenable.com/security/tns——2020 - 11 确认:https://www.tenable.com/security/tns - 2021 - 10 URL: https://www.tenable.com/security/tns——2021 - 10 DEBIAN: dsa - 4661 URL: https://www.debian.org/security/2020/dsa - 4661 FEDORA: FEDORA - 2020 d7b29838f6 URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ FEDORA: FEDORA - 2020 da2d1ef2d7 URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ FEDORA: FEDORA - 2020 fcc91a28e8 URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ FREEBSD: FreeBSD-SA-20:11 URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc FULLDISC: 20200501 cve - 2020 - 1967:证明sigalg ! = NULL URL: http://seclists.org/fulldisclosure/2020/May/5 GENTOO: glsa - 202004 - 10 URL: https://security.gentoo.org/glsa/202004-10 MISC: http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html URL: http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html MISC: https://github.com/irsl/cve - 2020 - 1967 URL: https://github.com/irsl/cve - 2020 - 1967 MISC: https://www.oracle.com//security-alerts/cpujul2021.html URL: https://www.oracle.com//security-alerts/cpujul2021.html MISC: https://www.oracle.com/security-alerts/cpuApr2021.html URL: https://www.oracle.com/security-alerts/cpuApr2021.html MISC: https://www.oracle.com/security-alerts/cpujan2021.html URL: https://www.oracle.com/security-alerts/cpujan2021.html MISC: https://www.oracle.com/security-alerts/cpujul2020.html URL: https://www.oracle.com/security-alerts/cpujul2020.html MISC: https://www.oracle.com/security-alerts/cpuoct2020.html URL: https://www.oracle.com/security-alerts/cpuoct2020.html MISC: https://www.oracle.com/security-alerts/cpuoct2021.html URL: https://www.oracle.com/security-alerts/cpuoct2021.html MLIST (oss-security): 20200422 (cve - 2020 - 1967)在SSL_check_chain OpenSSL 1.1.1d +段错误 URL: http://www.openwall.com/lists/oss-security/2020/04/22/2 MLIST: [tomcat-dev] 20200422 Re:时间为Tomcat的本地1.2.24吗? URL: https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@ cdev.tomcat.apache.org % 3 e % 3 MLIST (tomcat-dev): 20200422时间Tomcat原生1.2.24吗? URL: https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@ cdev.tomcat.apache.org % 3 e % 3 MLIST: [tomcat-dev] 20200423 Re:时间为Tomcat的本地1.2.24吗? URL: https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@ cdev.tomcat.apache.org % 3 e % 3 SUSE: openSUSE-SU-2020:0933 URL: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html SUSE: openSUSE-SU-2020:0945 URL: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
分配中央社
OpenSSL软件基金会
创建日期记录
20191203	免责声明:记录创建日期可能反映了CVE ID分配或保留的时候,,不一定表示当发现了这个漏洞,与受影响的供应商,在CVE公开披露,或更新。
阶段(遗留)
分配(20191203)
票(遗留)

评论(遗留)

提出(遗留)
N /一个
这是一个记录CVE列表,它提供了共同的标识符公开已知的网络安全漏洞。
CVE使用关键字搜索: 你也可以搜索参考使用CVE参考地图。
更多信息:CVE请求Web表单(从下拉框中选择“其他”)

回到顶部

cve - 2020 - 1967