mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 16:50:28 +01:00

Files

Tony Arcieri 67a2144be6 RUSTSEC-2020-0015: remove wildcards (#451 )

They're breaking the parser:

https://github.com/RustSec/rustsec-crate/pull/244/checks?check_run_id=1305962917

2020-10-25 14:39:06 -07:00

723 B

Raw Blame History

[advisory]
id = "RUSTSEC-2020-0015"
package = "openssl-src"
aliases = ["CVE-2020-1967"]
categories = ["denial-of-service"]
date = "2020-04-25"
url = "https://www.openssl.org/news/secadv/20200421.txt"

[versions]
patched = [">= 111.9"]
unaffected = ["< 111.6"]

Crash causing Denial of Service attack

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.

723 B Raw Blame History

Crash causing Denial of Service attack

723 B

Raw Blame History