Proof of concept denial of service exploit for the recent OpenSSL signature_algorithms_cert vulnerability.
1d08073755309441e120ada922d200c5276431e79d7c9bdd66bbb529a2013702Debian Linux Security Advisory 4661-1 - Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service.
3faefeb667e7fe966d939c7bff2fe1049e3f01f3da2e48e7811f880c8bef3e32Gentoo Linux Security Advisory 202004-10 - Multiple vulnerabilities were found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1g are affected.
cfc7883a72f8c1a583810a4b13173d4ababf1b9c76a9e8e974ff8e85bc52af2eOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46OpenSSL Security Advisory 20200421 - Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack.
aa2ced8635cac87df60d152a542935643ec431dd068271fb1687a7a91ec5a4aa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed