CVE-2020-1967 Overview
CVE-2020-1967 is a NULL pointer dereference vulnerability affecting OpenSSL's handling of the signature_algorithms_cert TLS extension during TLS 1.3 handshakes. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash when receiving an invalid or unrecognized signature algorithm from a peer. This vulnerability can be exploited by a malicious peer to conduct Denial of Service (DoS) attacks against affected systems.
The vulnerability specifically affects OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f, with the fix released in OpenSSL 1.1.1g. Given OpenSSL's ubiquitous presence in internet infrastructure, this vulnerability has a broad impact affecting numerous enterprise products from Oracle, NetApp, Broadcom, and various Linux distributions.
Critical Impact
A remote attacker can cause service disruption by sending malformed TLS 1.3 handshake messages containing invalid signature algorithms, causing vulnerable applications to crash via NULL pointer dereference.
Affected Products
- OpenSSL 1.1.1d, 1.1.1e, 1.1.1f
- Debian Linux 9.0 and 10.0
- FreeBSD 12.1
- Fedora 30, 31, and 32
- Oracle MySQL, MySQL Connectors, MySQL Enterprise Monitor, MySQL Workbench
- Oracle Application Server 12.1.3, HTTP Server 12.2.1.4.0
- Oracle PeopleSoft Enterprise PeopleTools 8.56, 8.57, 8.58, 8.59
- Oracle Enterprise Manager Base Platform, Ops Center, Storage Management
- NetApp Active IQ Unified Manager, SnapCenter, OnCommand products
- Broadcom Fabric Operating System
- openSUSE Leap 15.1 and 15.2
- Tenable Log Correlation Engine
Discovery Timeline
- April 21, 2020 - CVE-2020-1967 published to NVD
- April 21, 2020 - OpenSSL releases security advisory and patch (version 1.1.1g)
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2020-1967
Vulnerability Analysis
This vulnerability is classified as CWE-476 (NULL Pointer Dereference). The flaw resides in OpenSSL's TLS 1.3 implementation, specifically in the handling of the signature_algorithms_cert extension. When the SSL_check_chain() function processes this extension during or after the TLS handshake, it fails to properly validate signature algorithm values received from the peer.
The vulnerability is remotely exploitable over the network without authentication or user interaction. An attacker can send specially crafted TLS 1.3 handshake messages to trigger the NULL pointer dereference, causing the affected application to crash. While this does not allow code execution or data theft, the availability impact is significant as it enables reliable service disruption.
Root Cause
The root cause is improper input validation in the SSL_check_chain() function when processing the signature_algorithms_cert TLS extension. When an invalid or unrecognized signature algorithm is received from a peer during a TLS 1.3 handshake, the code path leads to dereferencing a NULL pointer. The fix implemented in OpenSSL 1.1.1g adds proper validation to check for NULL values before dereferencing, preventing the crash condition.
Attack Vector
The attack is network-based and can be initiated by any malicious peer (either client or server) during a TLS 1.3 handshake. The attack flow is as follows:
- Attacker initiates or responds to a TLS 1.3 connection with a vulnerable server/client
- During the handshake, the attacker sends a malformed signature_algorithms_cert extension containing an invalid or unrecognized signature algorithm identifier
- The victim's application calls SSL_check_chain() to validate the certificate chain
- The function fails to handle the invalid algorithm, resulting in a NULL pointer dereference
- The application crashes, causing denial of service
This vulnerability is particularly concerning for services that handle many concurrent TLS connections, as repeated exploitation can cause persistent service outages. A proof-of-concept exploit is publicly available on GitHub and Packet Storm, making exploitation straightforward for attackers.
Detection Methods for CVE-2020-1967
Indicators of Compromise
- Unexpected application crashes or service restarts for TLS-enabled services
- Core dumps or crash logs indicating NULL pointer dereference in OpenSSL library functions
- Abnormal TLS 1.3 handshake failures logged by network monitoring systems
- Repeated connection attempts from the same source followed by service crashes
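One way to look for the crash-log indicator above, as an added example that is not part of the original page: it filters Linux kernel segfault records for faults at near-zero addresses inside libssl. It assumes the x86-64 kernel log format and a dynamically linked libssl; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag kernel segfault records
# that look like a NULL pointer dereference inside libssl.

# Read syslog/journal lines on stdin; print "process[pid] 0xADDR" per hit.
libssl_null_derefs() {
    awk '
    / segfault at / && / in libssl\.so/ {
        for (i = 2; i < NF; i++) {
            if ($i != "segfault" || $(i + 1) != "at") continue
            who = $(i - 1); sub(/:$/, "", who)    # e.g. nginx[2417]
            addr = $(i + 2)                        # hex, logged without 0x
            # At most 3 hex digits means below 0x1000: a NULL base plus a
            # small struct-member offset, the usual CWE-476 fault address.
            if (length(addr) <= 3 && addr ~ /^[0-9a-f]+$/)
                print who, "0x" addr
        }
    }'
}

# Reduce hits to process names seen at least $1 times (crash loops).
repeat_crashers() {
    sed 's/\[[0-9]*\].*//' | sort | uniq -c |
        awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample log (hypothetical host, PIDs and addresses).
sample_kernel_log() {
    cat <<'EOF'
Apr 22 10:14:03 web01 kernel: nginx[2417]: segfault at 18 ip 00007f3c5e8a1b42 sp 00007ffd3b1c2a40 error 4 in libssl.so.1.1[7f3c5e871000+4f000]
Apr 22 10:14:09 web01 kernel: nginx[2431]: segfault at 18 ip 00007f3c5e8a1b42 sp 00007ffd3b1c2b10 error 4 in libssl.so.1.1[7f3c5e871000+4f000]
Apr 22 10:20:44 web01 kernel: python3[988]: segfault at 7f10deadb000 ip 00007f10c0a1f3d1 sp 00007ffe01a2c3b0 error 6 in libc-2.28.so[7f10c09a4000+148000]
Apr 22 10:31:12 web01 kernel: haproxy[3120]: segfault at 7f2a00001000 ip 00007f2a4c1d2e10 sp 00007ffc9d0e1a00 error 4 in libssl.so.1.1[7f2a4c1a0000+4f000]
EOF
}

sample_kernel_log | libssl_null_derefs | repeat_crashers 2
```

A hit means a NULL dereference somewhere in libssl, not proof of this CVE, so correlate it with the installed OpenSSL version. Statically linked binaries will not show libssl in the record.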
Detection Strategies
- Monitor system logs for segmentation fault signals in processes using OpenSSL for TLS 1.3 connections
- Deploy network intrusion detection rules to identify malformed signature_algorithms_cert extensions in TLS handshakes
- Use application performance monitoring to detect sudden crash patterns in TLS-enabled services
- Implement library version scanning to identify systems running OpenSSL 1.1.1d through 1.1.1f
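A sketch of the version scan described in the last item, as an added example that is not part of the original page: it triages `openssl version` banners collected from a fleet against the affected releases listed here. The `host|banner` input format, function names and sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: triage `openssl version`
# banners collected from a fleet for CVE-2020-1967.

# Classify one banner; prints affected | not-affected | unknown.
cve_2020_1967_status() {
    # Field 2 of e.g. "OpenSSL 1.1.1f  31 Mar 2020" is the release.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        '')                       echo unknown ;;       # not OpenSSL, or empty
        1.1.1[def]|1.1.1[def]-*)  echo affected ;;      # releases named on this page
        [0-9]*.[0-9]*.[0-9]*)     echo not-affected ;;  # other branches, 1.1.1g+
        *)                        echo unknown ;;
    esac
}

# Read "host|banner" lines on stdin; print hosts that need follow-up.
# Hosts with unparseable banners are reported too so they are not missed.
scan_inventory() {
    while IFS='|' read -r host banner; do
        [ -n "$host" ] || continue
        status=$(cve_2020_1967_status "$banner")
        [ "$status" = not-affected ] || printf '%s %s\n' "$host" "$status"
    done
}

# Constructed sample inventory (hypothetical host names).
sample_inventory() {
    cat <<'EOF'
web01|OpenSSL 1.1.1f  31 Mar 2020
web02|OpenSSL 1.1.1g  21 Apr 2020
db01|OpenSSL 1.1.1d  10 Sep 2019
legacy01|OpenSSL 1.0.2u  20 Dec 2019
bsd01|LibreSSL 3.1.1
EOF
}

sample_inventory | scan_inventory
```

Distribution packages can carry a backported fix while still reporting an affected upstream release, so confirm each `affected` host against the vendor advisory before treating it as unpatched.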
Monitoring Recommendations
- Enable verbose TLS handshake logging on critical infrastructure to capture anomalous handshake patterns
- Configure crash reporting and alerting for production services using vulnerable OpenSSL versions
- Set up availability monitoring with rapid alerting for services that may be targeted
- Review firewall and load balancer logs for connection patterns consistent with DoS attacks
How to Mitigate CVE-2020-1967
Immediate Actions Required
- Upgrade OpenSSL to version 1.1.1g or later immediately
- Inventory all systems and applications using affected OpenSSL versions (1.1.1d, 1.1.1e, 1.1.1f)
- Prioritize patching internet-facing TLS services and critical infrastructure
- Apply vendor-specific patches for Oracle, NetApp, and other affected enterprise products
Patch Information
OpenSSL released version 1.1.1g on April 21, 2020 to address this vulnerability. The fix adds proper NULL pointer validation in the SSL_check_chain() function before processing signature algorithm values. Organizations should upgrade to OpenSSL 1.1.1g or later as the primary remediation.
Multiple vendors have released advisories and patches:
- OpenSSL Security Advisory 20200421
- Debian Security DSA-4661
- FreeBSD Security Advisory FreeBSD-SA-20:11
- Oracle CPU Alerts (multiple quarters through 2021)
- NetApp Security Advisory ntap-20200424-0003
Workarounds
- If immediate patching is not possible, consider temporarily disabling TLS 1.3 and using TLS 1.2 as an interim measure
- Implement rate limiting and connection throttling to reduce the impact of potential DoS attacks
- Deploy network-level filtering to block known exploit traffic patterns if detection signatures are available
- Isolate vulnerable systems behind reverse proxies running patched OpenSSL versions
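# Check OpenSSL version on Linux systems
openssl version -a
# Verify if system is vulnerable (upstream versions 1.1.1d through 1.1.1f are affected)
# Example output from vulnerable system: OpenSSL 1.1.1f 31 Mar 2020
# Update OpenSSL on Debian/Ubuntu (include the libssl1.1 library package, which applications load)
sudo apt update && sudo apt install --only-upgrade openssl libssl1.1
# Update OpenSSL on RHEL/CentOS/Fedora (openssl-libs carries the shared library)
sudo dnf update openssl openssl-libs
# Restart services that use OpenSSL so they load the patched library
# Verify updated version
openssl version -a
# Upstream builds should show: OpenSSL 1.1.1g or later
# Distribution packages may keep the old version string with the fix backported; check the package version as well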


