mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-07 04:01:35 +01:00
19 lines
756 B
TOML
19 lines
756 B
TOML
[advisory]
|
|
id = "RUSTSEC-2020-0015"
|
|
package = "openssl-src"
|
|
date = "2020-04-25"
|
|
title = "Crash causing Denial of Service attack"
|
|
url = "https://www.openssl.org/news/secadv/20200421.txt"
|
|
categories = ["denial-of-service"]
|
|
description = """
|
|
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3
|
|
handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the
|
|
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature
|
|
algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of
|
|
Service attack."""
|
|
aliases = ["CVE-2020-1967"]
|
|
|
|
[versions]
|
|
patched = [">= 111.9.0+1.1.1g"]
|
|
unaffected = ["< 111.6.0+1.1.1d"]
|