CVE-2020-1967: OpenSSL Denial-Of-Service Vulnerability Alert
OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or that need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. TLS (Transport Layer Security) is a security protocol whose purpose is to provide security and data-integrity guarantees for Internet communications. It is widely supported in applications such as browsers, e-mail, instant messaging, VoIP, and Internet fax, and has become the industry standard for secure communications on the Internet.
“Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the ‘signature_algorithms_cert’ TLS extension,” reads the advisory published by the OpenSSL Project.
“The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.”
Upgrade to OpenSSL version 1.1.1g.
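An added example (not from this article or the OpenSSL project): a Python triage script that flags OpenSSL builds still exposed to CVE-2020-1967 from `openssl version` banners or from the library linked into the interpreter. It assumes the affected window stated in the upstream OpenSSL advisory, 1.1.1d through 1.1.1f with 1.1.1g as the fix, and the host inventory below is constructed.

```python
"""Flag OpenSSL builds exposed to CVE-2020-1967 (NULL deref in SSL_check_chain()).

Assumption (taken from the upstream OpenSSL advisory, not this article):
1.1.1d, 1.1.1e and 1.1.1f are affected; 1.1.1g is fixed; 1.0.2 and 1.1.0
never contained the TLS 1.3 code path.
"""
import re
import ssl
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, fix, patch-letter index)

# Matches banners such as "OpenSSL 1.1.1f  31 Mar 2020" from `openssl version`.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")

# Inclusive affected window: 1.1.1d (d -> 4) .. 1.1.1f (f -> 6).
AFFECTED_RANGE = ((1, 1, 1, 4), (1, 1, 1, 6))


def parse_openssl_version(banner: str) -> Optional[Version]:
    """Parse an OpenSSL banner; patch letter a..z maps to 1..26, none to 0."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None  # not an OpenSSL banner (e.g. LibreSSL)
    major, minor, fix = (int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)
    patch = ord(letter) - ord("a") + 1 if letter else 0
    return (major, minor, fix, patch)


def is_affected(version: Version) -> bool:
    """True when the version lies inside the 1.1.1d..1.1.1f window."""
    low, high = AFFECTED_RANGE
    return low <= version <= high  # tuple comparison is lexicographic


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'AFFECTED' | 'ok' | 'unknown' for a dict of version banners."""
    result = {}
    for host, banner in banners.items():
        v = parse_openssl_version(banner)
        result[host] = "unknown" if v is None else ("AFFECTED" if is_affected(v) else "ok")
    return result


def runtime_is_affected() -> bool:
    """Check the OpenSSL this interpreter is linked against."""
    major, minor, fix, patch, _status = ssl.OPENSSL_VERSION_INFO
    return is_affected((major, minor, fix, patch))


# Constructed sample inventory; hostnames and banners are illustrative only.
SAMPLE_BANNERS = {
    "web-01": "OpenSSL 1.1.1f  31 Mar 2020",
    "web-02": "OpenSSL 1.1.1g  21 Apr 2020",
    "legacy-01": "OpenSSL 1.0.2u  20 Dec 2019",
    "mail-01": "OpenSSL 1.1.1d  10 Sep 2019",
    "bsd-01": "LibreSSL 2.8.3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {status}")
    print("interpreter's OpenSSL affected:", runtime_is_affected())
```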