CVE-2020-1967
- Source
- https://cve.org/CVERecord?id=CVE-2020-1967
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1967.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-1967
- Aliases
- Downstream
- Related
- Published
- 2020-04-21T14:15:11.287Z
- Modified
- 2026-05-28T04:05:16.074867414Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Server or client applications that call the SSLcheckchain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
- Database specific
{ "unresolved_ranges": [ { "vendor_product": "jdedwards:enterpriseone", "cpes": [ "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "fixed": "9.2.5.0" } ], "source": "CPE_RANGE" }, { "vendor_product": "netapp:active_iq_unified_manager", "cpes": [ "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*" ], "extracted_events": [ { "introduced": "7.3" }, { "introduced": "9.5" } ], "source": "CPE_RANGE" }, { "vendor_product": "oracle:mysql_connectors", "cpes": [ "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.0.20" } ], "source": "CPE_RANGE" }, { "vendor_product": "oracle:mysql_enterprise_monitor", "cpes": [ "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "4.0.12" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.20" } ], "source": "CPE_RANGE" }, { "vendor_product": "oracle:mysql_workbench", "cpes": [ "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.0.21" } ], "source": "CPE_RANGE" }, { "vendor_product": "tenable:log_correlation_engine", "cpes": [ "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "fixed": "6.0.9" } ], "source": "CPE_RANGE" }, { "vendor_product": "debian:debian_linux", "cpes": [ "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "9.0" }, { "last_affected": "10.0" } ], "source": "CPE_STRING" }, { "vendor_product": "fedoraproject:fedora", "cpes": [ "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "30" }, { "last_affected": "31" }, { "last_affected": "32" } ], "source": "CPE_STRING" }, { "vendor_product": "freebsd:freebsd", "cpes": [ "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.1-NA" } ], "source": "CPE_STRING" }, { "vendor_product": "opensuse:leap", "cpes": [ "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "15.1" }, { "last_affected": "15.2" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:application_server", "cpes": [ "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.1.3" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:enterprise_manager_base_platform", "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "13.4.0.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:enterprise_manager_for_storage_management", "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "13.3.0.0" }, { "last_affected": "13.4.0.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:enterprise_manager_ops_center", "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.4.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:http_server", "cpes": [ "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.2.1.4.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:jd_edwards_world_security", "cpes": [ "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "a9.4" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:peoplesoft_enterprise_peopletools", "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.56" }, { "last_affected": "8.57" }, { "last_affected": "8.58" }, { "last_affected": "8.59" } ], "source": "CPE_STRING" } ] }- References
-
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1
- https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
- http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2020/May/5
- http://www.openwall.com/lists/oss-security/2020/04/22/2
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
- https://security.gentoo.org/glsa/202004-10
- https://security.netapp.com/advisory/ntap-20200424-0003/
- https://security.netapp.com/advisory/ntap-20200717-0004/
- https://www.debian.org/security/2020/dsa-4661
- https://www.openssl.org/news/secadv/20200421.txt
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.synology.com/security/advisory/Synology_SA_20_05
- https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
- https://www.tenable.com/security/tns-2020-03
- https://www.tenable.com/security/tns-2020-04
- https://www.tenable.com/security/tns-2020-11
- https://www.tenable.com/security/tns-2021-10
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/irsl/CVE-2020-1967
Affected packages
Git / github.com/mysql/mysql-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedIntroducedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "5.6.48" }, { "introduced": "5.7.0" }, { "last_affected": "5.7.30" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.20" } ], "cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "source": "CPE_RANGE" }
Affected versions
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.6.40
mysql-5.6.45
mysql-5.6.47
mysql-5.6.48
mysql-5.7.30
mysql-8.*
mysql-8.0.20
mysql-cluster-8.*
mysql-cluster-8.0.20