CVE-2020-1887

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1887
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1887.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-1887
Published
2020-03-13T00:15:11.557Z
Modified
2025-11-14T10:54:20.292818Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

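Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to man-in-the-middle (MITM) osquery traffic in the absence of a configured root chain of trust. Note that this stated range is narrower than the "Affected versions" list below: that list comes from a Git range whose introduced commit is unknown, so it also enumerates releases at or before 2.9.0.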

References

Affected packages

Git / github.com/facebook/osquery

Affected ranges

Type
GIT
Repo
https://github.com/facebook/osquery
Events
Introduced
0 (introduced commit unknown; all previous commits are treated as affected)
Fixed

Affected versions

1.*

1.0.2
1.0.3
1.0.4
1.0.5
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.8.0
1.8.1
1.8.2

2.*

2.0.0
2.1.0
2.1.1
2.1.2
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.11.0
2.11.1
2.11.2
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.7.0
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2

3.*

3.0.0
3.1.0
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.2

4.*

4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2

v0.*

v0.0.1

Database specific

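vanir_signatures

Every signature below cites the same source commit and targets a file under osquery/tables/system/; none of the listed paths is visibly related to TLS or SNI handling. Confirm a match against the upstream fix before treating it as evidence of the hostname-validation flaw described above.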

[
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 1022.0,
            "function_hash": "273158579961805115862700900063516599254"
        },
        "id": "CVE-2020-1887-1797ac64",
        "target": {
            "function": "genShadowForAccount",
            "file": "osquery/tables/system/linux/shadow.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 733.0,
            "function_hash": "61067618039546645354593658920981466526"
        },
        "id": "CVE-2020-1887-2216083e",
        "target": {
            "function": "genOSVersion",
            "file": "osquery/tables/system/freebsd/os_version.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 1340.0,
            "function_hash": "13378356946865877945949171995832901057"
        },
        "id": "CVE-2020-1887-2fabd6c7",
        "target": {
            "function": "genOSVersion",
            "file": "osquery/tables/system/linux/os_version.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 2572.0,
            "function_hash": "30544221516589791012127459271212085521"
        },
        "id": "CVE-2020-1887-460df48f",
        "target": {
            "function": "readCrashDump",
            "file": "osquery/tables/system/darwin/crashes.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "142578115758219485587952117656713642368",
                "225995143103675811726671882952433928432",
                "111696813261040895536325853315910463439",
                "279955897258669123672496456899521997862",
                "56272030949323850053911262935206555053",
                "229485661886957026787231731481425080390",
                "233511511262770308709080654080649759609",
                "2829966396625842330520934704429387402",
                "251576282296805809645100305936944892630",
                "296859499417344554663678550888417592746",
                "174173826584239290339386869077829336024",
                "13154356051573719972080285371221508868",
                "234469929121311045564686490070081889028",
                "277909152306444875655501708831671787213",
                "318633897584871577586150779847113041143",
                "283181177285064130481614039121731121256",
                "183407841843554399415519589147051319164",
                "320436673510725511717283838266597794714",
                "8655169649128793754634517258362093909",
                "268298705457554012649930679450497902166",
                "11840540234973955057804895599355877640",
                "76597936924670614493697636151653891952",
                "76174538701259212385211425764365682614",
                "94968062150766636864916948822439118387"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-57ea168d",
        "target": {
            "file": "osquery/tables/system/freebsd/os_version.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 736.0,
            "function_hash": "1203775187090614272370091271593934418"
        },
        "id": "CVE-2020-1887-5cd29362",
        "target": {
            "function": "deletedMatchesInode",
            "file": "osquery/tables/system/linux/processes.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "151471340217496884789877775765160245608",
                "188626256021161890866711768994433379465",
                "131540800226138307385301778955574282046",
                "181256692239755795211303738589271454619",
                "21938001990655981160418536614731380671",
                "12897078430493682554174978738929125785",
                "65804570325762881997231894166581174226",
                "41513159038682102273294843071305682658",
                "70017870969874527689348215523843660484",
                "327614851871091032706583183214606382956",
                "78049422185700301468373706778909672132",
                "127647123121866473225616852586875592775",
                "145809400931853917531634689783689304610",
                "96463000393750454975458390229197520648"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-80cd3dd3",
        "target": {
            "file": "osquery/tables/system/windows/wmi_bios_info.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "94776239867274974102719450530649971277",
                "177009362355379199439939745828122580822",
                "227864619532736990441004424960098220773",
                "228351887425831820515992494236235613063",
                "271190293009672357644890319648614399337",
                "154118385802279557453742895795811516024",
                "123122303048331580255988742230135444255",
                "312783539669986883871668546313909289999",
                "333946823870353819358447634750527725987",
                "251576282296805809645100305936944892630",
                "296859499417344554663678550888417592746",
                "328242112509530179595364899251735857925",
                "39709267555782259501607757208257721866",
                "73085046514081487595576134407362468062",
                "175413145697808032748654932663354022352",
                "189089840584774117116198391529702569940",
                "291086428104081115410711124367606848959",
                "334188330330763520092995633378314264497",
                "230342870469263745407049408447269093644",
                "237439854281527860203391309101663012994",
                "290532123222377996988662956211757672898",
                "85364829330419680768734331317739514400",
                "275825912138776525840883578589196720805",
                "271810206593738317113048299388427779554",
                "175738512531203141503450720812832083924"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-8badfe44",
        "target": {
            "file": "osquery/tables/system/linux/os_version.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 965.0,
            "function_hash": "29445867199628897050793522840260159349"
        },
        "id": "CVE-2020-1887-8db7c048",
        "target": {
            "function": "genShellHistoryFromFile",
            "file": "osquery/tables/system/posix/shell_history.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "338397232734628382163275918751675413185",
                "88091653361145767026902193452006336130",
                "204468377689586563295409847219885084392",
                "3823070121637527801470081814266163548",
                "206401951412020454418810458584475214904",
                "118583226228256647212346246754011014225",
                "23386651553375255350099854929167529958",
                "137580666084262615065124488773742494150",
                "291121702748207661184386482234400218273",
                "297237877649867509796389185520485352288",
                "284076877074514857274220895714324443161",
                "191849003019508849131361424740194569345",
                "109476028270624925246526403050957335292",
                "154192369507832128760318699445293392011",
                "69978784334293331374299658634488754468",
                "18380722976790617176069434455571149680",
                "245836066212920900933397471743078316497",
                "161162202488475065231920887472339304182",
                "56146900793041404307663733549318104153",
                "195716530634288211259942785369761366723",
                "13173195776908714245302366199532280922",
                "71409548498249158069136660091702325521",
                "88547883584795931686031151748739793709",
                "165899113029655764131261571119523963790",
                "325177867388241720308277509995027221563",
                "165828886712284194381968651682641259261",
                "8688153307847824746169783780092736302",
                "174706182270592484934480536012756984248"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-af8f1ee8",
        "target": {
            "file": "osquery/tables/system/posix/shell_history.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 319.0,
            "function_hash": "333442616718209452156345533704201091567"
        },
        "id": "CVE-2020-1887-b1527051",
        "target": {
            "function": "getHPBiosInfo",
            "file": "osquery/tables/system/windows/wmi_bios_info.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "36769191492741651284778052156887258038",
                "250407661955739851798882356900641080879",
                "17348272157287936986940757018582287628",
                "74499523796124950587902009808220222295",
                "108035500479961625989350858345860581234",
                "106384891403213325075572402105448313513",
                "310162372660752798181932360898912422914",
                "226520555657366658023320856200761604474",
                "88267368157262220205319233854238144763",
                "288143899326426842234314891176658641389",
                "304376446366203486962749999272495214875",
                "213663248035424683728187061467924505214",
                "296955901302060567300902420875415854656",
                "70614027938339246462236695508662765359",
                "236170176527669046830930951172908648118",
                "165610591246117098969317036331612112463",
                "151778684674329653565835240870309808133",
                "127153755173591439927233169905100764312",
                "176435128063650280850566337488557666133",
                "21495548953553702480130246500401475598",
                "134118807089181800361116748538117734294",
                "340063150400632530987492950264485101481",
                "25930120533114513172310901804188586610",
                "121946168193883694281033114520073421199",
                "3960796058467075209478502918733380629",
                "7503553187350130647517010523882749033",
                "335566097000745585925383999444054058850"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-c6dcbffe",
        "target": {
            "file": "osquery/tables/system/darwin/crashes.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "83519174407124066849097723768883524703",
                "256141963949862692645543046568083831327",
                "12220616630686735045263833760530643187",
                "333805049911738920690243141655139597812",
                "195115133570542203529962381388337244605",
                "66413750797949695328665696119198527050",
                "104432228444356273277803531380066113571",
                "185983833844207688049444102176923117261",
                "138737703068272787334798683261913125238",
                "240670026073941432622315045619177498166",
                "27845830654998858594517522179616714935"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-cef977cb",
        "target": {
            "file": "osquery/tables/system/linux/processes.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "47314543251811039146645733668765002834",
                "79312227905365244619671068243955806681",
                "158265203236686453153949081626077078367",
                "5793252852270739057478610003589258485",
                "155516970534118185680292756229356452596",
                "143544896448529166241643405511017291345",
                "69160681266172138921371483325081058803",
                "185899547227089520033566185614292761463",
                "51086418252244906282732440664452202534",
                "266764824712220356456721586897811568209",
                "40807595558544630750764623743996613806",
                "197335734484946641819495522449287353184",
                "153243265917571241903961240174276933570",
                "93460759601768730325609440388586482298",
                "301525055376873749014811650513531402348"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-ea130625",
        "target": {
            "file": "osquery/tables/system/linux/shadow.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "143848895287888319954664887948823650899",
                "230167199851658222654252992026531037916",
                "233384592818890004190470348412672945960",
                "252031135471521591825802398821363459858",
                "236818935056182812947630787486332407525",
                "115404497447402476440550268510193350281",
                "338929284044653307692298659958835009670",
                "66569362344333503783342402672247621232",
                "286360267911798136107816442671609290235"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1887-f26129d7",
        "target": {
            "file": "osquery/tables/system/windows/programs.cpp"
        },
        "source": "https://github.com/facebook/osquery/commit/4743cb94207023f76e2b4c3cd702f550d496d585"
    }
]