FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL remote denial of service vulnerability

Affected packages
12.1 <= FreeBSD < 12.1_4
1.1.1,1 <= openssl < 1.1.1g,1


VuXML ID 012809ce-83f3-11ea-92ab-00163e433440
Discovery 2020-04-21
Entry 2020-04-21
Modified 2020-04-22

Problem Description:

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognized signature algorithm is received from the peer.


A malicious peer could exploit the NULL pointer dereference crash, causing a denial of service attack.


CVE Name CVE-2020-1967
FreeBSD Advisory SA-20:11.openssl