Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
Las aplicaciones de Servidor o Cliente que llaman a la función SSL_check_chain() durante o después del protocolo de enlace de TLS versión 1.3, puede bloquear debido a una desreferencia del puntero NULL como resultado de un manejo incorrecto de la extensión TLS "signature_algorithms_cert". El bloqueo ocurre si se recibe un algoritmo de firma no comprobada o ni reconocido del peer. Esto podría ser explotado por un peer malicioso en un ataque de Denegación de Servicio. OpenSSL versiones 1.1.1d, 1.1.1e y 1.1.1f están afectadas por este problema. Este problema no afectaba a OpenSSL versiones anteriores a la versión 1.1.1d. Corregido en OpenSSL versión 1.1.1g (Afectado en la versión 1.1.1d-1.1.1f).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
AV:N/AC:L/Au:N/C:N/I:N/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-476
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openssl | openssl | * | <built-in method update of dict object at 0x72a9a1f95d80> | Application |
| debian | debian_linux | 9.0 | <built-in method update of dict object at 0x72a9a1f94680> | Operating System |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x72a9b0aa5000> | Operating System |
| freebsd | freebsd | 12.1 | <built-in method update of dict object at 0x72a9cc523cc0> | Operating System |
| fedoraproject | fedora | 30 | <built-in method update of dict object at 0x72a9a1f95e40> | Operating System |
| fedoraproject | fedora | 31 | <built-in method update of dict object at 0x72a9a1f94840> | Operating System |
| fedoraproject | fedora | 32 | <built-in method update of dict object at 0x72a9b0aa4dc0> | Operating System |
| oracle | application_server | 12.1.3 | <built-in method update of dict object at 0x72a9a1f94380> | Application |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | <built-in method update of dict object at 0x72a9a1f96a00> | Application |
| oracle | enterprise_manager_for_storage_management | 13.3.0.0 | <built-in method update of dict object at 0x72a9a1f95240> | Application |
| oracle | enterprise_manager_for_storage_management | 13.4.0.0 | <built-in method update of dict object at 0x72a9a1f95740> | Application |
| oracle | enterprise_manager_ops_center | 12.4.0 | <built-in method update of dict object at 0x72a9a1f97d40> | Application |
| oracle | http_server | 12.2.1.4.0 | <built-in method update of dict object at 0x72a9a1f963c0> | Application |
| oracle | jd_edwards_world_security | a9.4 | <built-in method update of dict object at 0x72a9a1f95900> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x72a9a1f942c0> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x72a9a1f96b80> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x72a9cc774500> | Application |
| oracle | mysql_connectors | * | <built-in method update of dict object at 0x72a9b0aa40c0> | Application |
| oracle | mysql_enterprise_monitor | * | <built-in method update of dict object at 0x72a9a1f948c0> | Application |
| oracle | mysql_enterprise_monitor | * | <built-in method update of dict object at 0x72a9cc523fc0> | Application |
| oracle | mysql_workbench | * | <built-in method update of dict object at 0x72a9a1f96880> | Application |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | <built-in method update of dict object at 0x72a9a1f96600> | Application |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | <built-in method update of dict object at 0x72a99977b680> | Application |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | <built-in method update of dict object at 0x72a9a1f96b40> | Application |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | <built-in method update of dict object at 0x72a9a1f95500> | Application |
| netapp | active_iq_unified_manager | * | <built-in method update of dict object at 0x72a9a1f977c0> | Application |
| netapp | active_iq_unified_manager | * | <built-in method update of dict object at 0x72a9cc523900> | Application |
| netapp | e-series_performance_analyzer | - | <built-in method update of dict object at 0x72a9a1f94cc0> | Application |
| netapp | oncommand_insight | - | <built-in method update of dict object at 0x72a99977a6c0> | Application |
| netapp | oncommand_workflow_automation | - | <built-in method update of dict object at 0x72a999778440> | Application |
| netapp | smi-s_provider | - | <built-in method update of dict object at 0x72a99977aa80> | Application |
| netapp | snapcenter | - | <built-in method update of dict object at 0x72a99977a0c0> | Application |
| netapp | steelstore_cloud_integrated_storage | - | <built-in method update of dict object at 0x72a99977bc40> | Application |
| broadcom | fabric_operating_system | - | <built-in method update of dict object at 0x72a99977bc80> | Operating System |
| opensuse | leap | 15.1 | <built-in method update of dict object at 0x72a999778f80> | Operating System |
| opensuse | leap | 15.2 | <built-in method update of dict object at 0x72a99977b500> | Operating System |
| jdedwards | enterpriseone | * | <built-in method update of dict object at 0x72a99977b880> | Application |
| tenable | log_correlation_engine | * | <built-in method update of dict object at 0x72a999778a00> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* |
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* |