CVE-2020-1967: 
MySQL vulnerability analysis and mitigation

Server or client applications that call the SSLcheckchain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (OpenSSL Advisory).

The vulnerability exists in the SSLcheckchain() function's handling of the "signaturealgorithmscert" TLS extension during TLS 1.3 handshakes. The function fails to properly validate signature algorithms, leading to a NULL pointer dereference when an invalid or unrecognized algorithm is received. The vulnerability has a CVSS v3.1 Base Score of 7.5 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

A successful exploit could allow an attacker to cause a denial of service condition by crashing applications that use the SSLcheckchain() function. This affects both server and client applications that implement this functionality (OpenSSL Advisory).

The recommended mitigation is to upgrade to OpenSSL version 1.1.1g which contains the fix for this vulnerability. For users unable to upgrade immediately, there are no known workarounds as the vulnerability exists in core TLS handshake functionality (OpenSSL Advisory).

The vulnerability was discovered by Bernd Edlinger using a new static analysis pass being implemented in GCC (-fanalyzer). Additional analysis was performed by Matt Caswell and Benjamin Kaduk. The issue received significant attention from the security community due to OpenSSL's widespread use in critical infrastructure (OpenSSL Advisory).