{"id":"RUSTSEC-2020-0015","summary":"Crash causing Denial of Service attack","details":"Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 \nhandshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \n\"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature \nalgorithm is received from the peer. This could be exploited by a malicious peer in a Denial of \nService attack.","aliases":["CVE-2020-1967","GHSA-jq65-29v4-4x35"],"modified":"2024-07-15T22:00:19.808758Z","published":"2020-04-25T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/openssl-src"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0015.html"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20200421.txt"}],"affected":[{"package":{"name":"openssl-src","ecosystem":"crates.io","purl":"pkg:cargo/openssl-src"},"ranges":[{"type":"SEMVER","events":[{"introduced":"111.6.0"},{"fixed":"111.9.0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0015.json","cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","informational":null,"categories":["denial-of-service"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}