CVE-2020-1967: NULL Pointer Dereference

April 21, 2020 (updated December 10, 2021)

Server or client applications that call the SSL_check_chain() function during or after a TLS handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the signature_algorithms_cert TLS extension.

References

packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
nvd.nist.gov/vuln/detail/CVE-2020-1967
www.openssl.org/news/secadv/20200421.txt

Detect and mitigate CVE-2020-1967 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →