Identifier

CVE-2020-1967

Package Slug

conan/openssl

Vulnerability

NULL Pointer Dereference

Description

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the signature_algorithms_cert TLS extension.

Affected Versions

All versions starting from 1.1.1d up to 1.1.1f

Solution

Upgrade to version 1.1.1g or above.

Last Modified

2020-07-24

source