Merge pull request #277 from lzutao/cve-openssl

warn about CVE-2020-1967
2025-12-31 16:50:28 +01:00 · 2020-05-04 16:38:10 -07:00
parent e4ac8b16e7 cff4f820ac
commit f2feb205c6
1 changed files with 18 additions and 0 deletions
--- a/crates/openssl-src/RUSTSEC-0000-0000.toml
+++ b/crates/openssl-src/RUSTSEC-0000-0000.toml
@@ -0,0 +1,18 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openssl-src"
+date = "2020-04-25"
+title = "Crash causing Denial of Service attack"
+url = "https://www.openssl.org/news/secadv/20200421.txt"
+categories = ["denial-of-service"]
+description = """
+Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 
+handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 
+"signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature 
+algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of 
+Service attack."""
+aliases = ["CVE-2020-1967"]
+
+[versions]
+patched = [">= 111.9.0+1.1.1g"]
+unaffected = ["< 111.6.0+1.1.1d"]