VDB
CVE-2020-1967
CVE-2020-1967
PUBLISHED
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
EPSS 60.77% · 98.3th percentile
Risk Scores
EPSS Score
60.77%
98.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | openssl | 0, 1.1.1c-1ubuntu4, 1.1.1f-1ubuntu1 |
Exploit Intelligence
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
- Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967) (github-poc-repo)
…and 40 more exploits
Timeline
- CVE Published
- Jun 11, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 15, 2021 EPSS Score
- Oct 21, 2021 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 25, 2023 EPSS Score
- Mar 12, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-1967 third-party-advisory
- https://www.openssl.org/news/secadv/20200421.txt third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-1967 third-party-advisory