CVE-2020-1971
Summary
| CVE | CVE-2020-1971 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-08 16:15:00 UTC |
| Updated | 2023-11-07 03:19:00 UTC |
| Description | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). |
Risk And Classification
Problem Types: CWE-476
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Hardware | Netapp | Aff A250 | - | All | All | All |
| Hardware | Netapp | Aff A250 | - | All | All | All |
| Operating System | Netapp | Aff A250 Firmware | - | All | All | All |
| Operating System | Netapp | Aff A250 Firmware | - | All | All | All |
| Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All |
| Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All |
| Application | Netapp | Data Ontap | - | All | All | All |
| Application | Netapp | Data Ontap | - | All | All | All |
| Application | Netapp | E-series Santricity Os Controller | All | All | All | All |
| Hardware | Netapp | Ef600a | - | All | All | All |
| Hardware | Netapp | Ef600a | - | All | All | All |
| Operating System | Netapp | Ef600a Firmware | - | All | All | All |
| Operating System | Netapp | Ef600a Firmware | - | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Hardware | Netapp | Hci Storage Node | - | All | All | All |
| Hardware | Netapp | Hci Storage Node | - | All | All | All |
| Application | Netapp | Manageability Software Development Kit | - | All | All | All |
| Application | Netapp | Manageability Software Development Kit | - | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
| Application | Netapp | Plug-in For Symantec Netbackup | - | All | All | All |
| Application | Netapp | Plug-in For Symantec Netbackup | - | All | All | All |
| Application | Netapp | Santricity Smi-s Provider | - | All | All | All |
| Application | Netapp | Santricity Smi-s Provider | - | All | All | All |
| Application | Netapp | Snapcenter | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
| Application | Oracle | Api Gateway | 11.1.2.4.0 | All | All | All |
| Application | Oracle | Business Intelligence | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Business Intelligence | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Business Intelligence | 5.5.0.0.0 | All | All | All |
| Application | Oracle | Business Intelligence | 5.9.0.0.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | All | All | All |
| Application | Oracle | Communications Diameter Intelligence Hub | All | All | All | All |
| Application | Oracle | Communications Diameter Intelligence Hub | All | All | All | All |
| Application | Oracle | Communications Session Border Controller | cz8.2 | All | All | All |
| Application | Oracle | Communications Session Border Controller | cz8.3 | All | All | All |
| Application | Oracle | Communications Session Border Controller | cz8.4 | All | All | All |
| Application | Oracle | Communications Session Router | cz8.2 | All | All | All |
| Application | Oracle | Communications Session Router | cz8.3 | All | All | All |
| Application | Oracle | Communications Session Router | cz8.4 | All | All | All |
| Application | Oracle | Communications Subscriber-aware Load Balancer | cz8.2 | All | All | All |
| Application | Oracle | Communications Subscriber-aware Load Balancer | cz8.3 | All | All | All |
| Application | Oracle | Communications Subscriber-aware Load Balancer | cz8.4 | All | All | All |
| Application | Oracle | Communications Unified Session Manager | scz8.2.5 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | pcz3.1 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | pcz3.2 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | pcz3.3 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.3.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.3.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager For Storage Management | 13.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Session Border Controller | cz8.2 | All | All | All |
| Application | Oracle | Enterprise Session Border Controller | cz8.3 | All | All | All |
| Application | Oracle | Enterprise Session Border Controller | cz8.4 | All | All | All |
| Application | Oracle | Essbase | 21.2 | All | All | All |
| Application | Oracle | Graalvm | 19.3.4 | All | All | All |
| Application | Oracle | Graalvm | 20.3.0 | All | All | All |
| Application | Oracle | Graalvm | 19.3.4 | All | All | All |
| Application | Oracle | Graalvm | 20.3.0 | All | All | All |
| Application | Oracle | Http Server | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Jd Edwards Enterpriseone Tools | All | All | All | All |
| Application | Oracle | Jd Edwards World Security | a9.4 | All | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Application | Oracle | Mysql Server | All | All | All | All |
| Application | Oracle | Mysql Server | All | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.56 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.57 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.58 | All | All | All |
| Application | Siemens | Sinec Infrastructure Network Services | All | All | All | All |
| Application | Tenable | Log Correlation Engine | All | All | All | All |
| Application | Tenable | Nessus Network Monitor | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Public KB - SA44676 - December 08 2020 OpenSSL Security Advisory | CONFIRM | kb.pulsesecure.net | Third Party Advisory |
| Debian -- Security Information -- DSA-4807-1 openssl | DEBIAN | www.debian.org | Third Party Advisory |
| [SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org | Broken Link |
| git.openssl.org Git - openssl.git/commitdiff | git.openssl.org | ||
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| April 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| git.openssl.org Git | git.openssl.org | ||
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| [SECURITY] [DLA 2492-1] openssl security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Third Party Advisory |
| [SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org | Patch, Vendor Advisory |
| www.openssl.org/news/secadv/20201208.txt | CONFIRM | www.openssl.org | Vendor Advisory |
| CVE-2020-1971 OpenSSL Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| OpenSSL: Denial of service (GLSA 202012-13) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | CONFIRM | cert-portal.siemens.com | |
| [SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| FreeBSD-SA-20:33 | FREEBSD | security.FreeBSD.org | Third Party Advisory |
| [SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| oss-security - Re: Oracle Solaris membership in the distros list | MLIST | www.openwall.com | |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| [SECURITY] [DLA 2493-1] openssl1.0 security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2021 | MISC | www.oracle.com | Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: David Benjamin (Google)
Legacy QID Mappings
- 159134 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9137)
- 159137 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9150)
- 159160 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9121)
- 20221 Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021)
- 239735 Red Hat Update for red hat jboss web server 5.4.1 (RHSA-2021:0494)
- 239738 Red Hat Update for red hat jboss web server 3.1 service pack 11 (RHSA-2021:0489)
- 330079 IBM AIX Multiple Vulnerabilities in Openssl (openssl_advisory32)
- 357333 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502
- 375337 IBM Spectrum Control Multiple Vulnerability(6415993)
- 375482 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUAPR2021)
- 375965 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUOCT2021)
- 376033 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM), Local Traffic Man[...]
- 376039 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K42910051)
- 376911 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2020:0197)
- 376918 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2021:0006)
- 379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
- 38846 Pulse Connect Secure and Pulse Policy Secure NULL Pointer Dereference (SA44676)
- 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
- 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
- 500496 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500564 Alpine Linux Security Update forOpen Secure Sockets Layer (OpenSSL)
- 500763 Alpine Linux Security Update for openssl
- 501163 Alpine Linux Security Update for openssl
- 501420 Alpine Linux Security Update for libressl
- 501982 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
- 502901 Alpine Linux Security Update for openssl1.1-compat
- 504255 Alpine Linux Security Update for openssl
- 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
- 610343 Google Pixel Android June 2021 Security Patch Missing
- 610360 Google Android August 2021 Security Patch Missing for Samsung
- 670196 EulerOS Security Update for openssl (EulerOS-SA-2021-1695)
- 670197 EulerOS Security Update for openssl111d (EulerOS-SA-2021-1696)
- 670784 EulerOS Security Update for shim (EulerOS-SA-2021-2542)
- 670808 EulerOS Security Update for shim (EulerOS-SA-2021-2566)
- 670846 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1160)
- 670855 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1014)
- 690151 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (56ba4513-a1be-11eb-9072-d4c9ef517024)
- 690397 Free Berkeley Software Distribution (FreeBSD) Security Update for node.js (08b553ed-537a-11eb-be6e-0022489ad614)
- 690403 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (1d56cfc5-3970-11eb-929d-d4c9ef517024)
- 730118 Dell Unisphere for PowerMax Security Update for Multiple Third-Party Component Vulnerabilities
- 730119 Dell Solutions Enabler Security Update for Multiple Third-Party Component Vulnerabilities
- 750420 OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0082-1)
- 750431 OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0065-1)
- 750432 OpenSUSE Security Update for nodejs12 (openSUSE-SU-2021:0064-1)
- 750484 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2020:2269-1)
- 750491 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2020:2245-1)
- 750495 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2020:2236-1)
- 750498 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2020:2223-1)
- 750690 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2020:3762-1)
- 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
- 900182 CBL-Mariner Linux Security Update for mysql 8.0.22
- 903226 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (3881)
- 91781 IBM Integration Bus and IBM App Connect Enterprise Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (6444817,6444819)
- 91822 Microsoft Visual Studio Security Update for October 2021
- 940259 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2020:5476)