mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-07 04:01:35 +01:00
67a2144be6
They're breaking the parser: https://github.com/RustSec/rustsec-crate/pull/244/checks?check_run_id=1305962917
22 lines
723 B
Markdown
22 lines
723 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0015"
|
|
package = "openssl-src"
|
|
aliases = ["CVE-2020-1967"]
|
|
categories = ["denial-of-service"]
|
|
date = "2020-04-25"
|
|
url = "https://www.openssl.org/news/secadv/20200421.txt"
|
|
|
|
[versions]
|
|
patched = [">= 111.9"]
|
|
unaffected = ["< 111.6"]
|
|
```
|
|
|
|
# Crash causing Denial of Service attack
|
|
|
|
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3
|
|
handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the
|
|
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature
|
|
algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of
|
|
Service attack.
|