Main Vulnerability Database Exploits ID:2616 - Exploit for NULL pointer dereference in OpenSSL - CVE-2020-1967

ID:2616 - Exploit for NULL pointer dereference in OpenSSL - CVE-2020-1967

Published: April 29, 2020

Vulnerability identifier: #VU27061

Vulnerability risk: Medium

CVE-ID: CVE-2020-1967

CWE-ID: CWE-476

Exploitation vector: Remote access

Vulnerable software:
OpenSSL

Link to public exploit:

https://github.com/irsl/CVE-2020-1967

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the SSL_check_chain() function during or after a TLS 1.3 handshake. A remote attacker can send an invalid or unrecognised signature algorithm and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

ID:2616 - Exploit for NULL pointer dereference in OpenSSL - CVE-2020-1967

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human