9 matches found
JLSEC-2026-223 openssl-src NULL pointer Dereference in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...
SUSE CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...
BSA-2020-948
Security Advisory ID : BSA-2020-948 Component : OpenSSL Revision : 1.0 Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extensio...
openssl: NULL pointer dereference in signature_algorithms processing
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signaturealgorithms extension but includes a signaturealgorithmscert extension. The highest threat from this vulnerability is to system...
openssl: NULL pointer dereference in signature_algorithms processing
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signaturealgorithms extension but includes a signaturealgorithmscert extension. The highest threat from this vulnerability is to system...
openssl: NULL pointer dereference in signature_algorithms processing
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signaturealgorithms extension but includes a signaturealgorithmscert extension. The highest threat from this vulnerability is to system...
The vulnerability of the SSL_check_chain function in the TLS protocol implementation of the OpenSSL library involves the possibility of reassigning the null pointer due to incorrect processing of the “signature_algorithms_cert” extension in TLS. This allows a perpetrator to cause a service failure.
The vulnerability of the SSLcheckchain function in the TLS protocol implementation of the OpenSSL library is related to the possibility of replacing the zero pointer due to incorrect processing of the “signaturealgorithmscert” extension in TLS. Exploiting this vulnerability can allow a malicious...
DEBIAN-CVE-2020-1967
Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...
ALPINE-CVE-2020-1967
Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...