EDIPARTYNAME NULL pointer dereference

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2020-1971
StatePUBLISHED
Assigneropenssl
Source PriorityCVE Program / NVD first with legacy fallback
Published2020-12-08 16:15:11 UTC
Updated2026-05-29 16:16:20 UTC
DescriptionThe X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Risk And Classification

Primary CVSS: v3.1 5.9 MEDIUM from [email protected]

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types: CWE-476 | NULL pointer dereference | CWE-476 CWE-476 NULL Pointer Dereference

VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary5.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1ADPDECLARED5.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1134c704f-9b21-4f2e-91b3-4a467353bcc0Secondary5.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.0[email protected]Primary4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2.0 Breakdown

Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Openssl Openssl All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA OpenSSL OpenSSL affected Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h) Not specified
CNA OpenSSL OpenSSL affected Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w) Not specified

References

ReferenceSourceLinkTags
security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc af854a3a-2127-422b-91ae-364da2661108 security.FreeBSD.org Third Party Advisory
OpenSSL: Denial of service (GLSA 202012-13) — Gentoo security af854a3a-2127-422b-91ae-364da2661108 security.gentoo.org Third Party Advisory
Debian -- Security Information -- DSA-4807-1 openssl af854a3a-2127-422b-91ae-364da2661108 www.debian.org Third Party Advisory
Pony Mail! af854a3a-2127-422b-91ae-364da2661108 lists.apache.org
Oracle Critical Patch Update Advisory - April 2022 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Third Party Advisory
[SECURITY] [DLA 2492-1] openssl security update af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
Oracle Critical Patch Update Advisory - October 2021 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Third Party Advisory
Oracle Critical Patch Update Advisory - July 2021 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Third Party Advisory
[SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org
Oracle Critical Patch Update Advisory - January 2021 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Third Party Advisory
Pony Mail! af854a3a-2127-422b-91ae-364da2661108 lists.apache.org
[SECURITY] [DLA 2493-1] openssl1.0 security update af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
oss-security - Re: Oracle Solaris membership in the distros list af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
Oracle Critical Patch Update Advisory - April 2021 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Third Party Advisory
security.netapp.com/advisory/ntap-20240621-0006 af854a3a-2127-422b-91ae-364da2661108 security.netapp.com
[R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® af854a3a-2127-422b-91ae-364da2661108 www.tenable.com Third Party Advisory
git.openssl.org Git - openssl.git/commitdiff af854a3a-2127-422b-91ae-364da2661108 git.openssl.org
[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® af854a3a-2127-422b-91ae-364da2661108 www.tenable.com Third Party Advisory
[SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org
April 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security af854a3a-2127-422b-91ae-364da2661108 security.netapp.com Third Party Advisory
CVE-2020-1971 OpenSSL Vulnerability in NetApp Products | NetApp Product Security af854a3a-2127-422b-91ae-364da2661108 security.netapp.com Third Party Advisory
www.openssl.org/news/secadv/20201208.txt af854a3a-2127-422b-91ae-364da2661108 www.openssl.org Vendor Advisory
[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® af854a3a-2127-422b-91ae-364da2661108 www.tenable.com Third Party Advisory
git.openssl.org Git af854a3a-2127-422b-91ae-364da2661108 git.openssl.org
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf af854a3a-2127-422b-91ae-364da2661108 cert-portal.siemens.com Third Party Advisory
Public KB - SA44676 - December 08 2020 OpenSSL Security Advisory af854a3a-2127-422b-91ae-364da2661108 kb.pulsesecure.net Third Party Advisory
git.openssl.org Git - openssl.git/commitdiff MITRE git.openssl.org
git.openssl.org Git - openssl.git/commitdiff MITRE git.openssl.org
[SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
Pony Mail! MITRE lists.apache.org
Pony Mail! MITRE lists.apache.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: David Benjamin (Google) (en)

Legacy QID Mappings

  • 159134 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9137)
  • 159137 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9150)
  • 159160 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9121)
  • 20221 Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021)
  • 239735 Red Hat Update for red hat jboss web server 5.4.1 (RHSA-2021:0494)
  • 239738 Red Hat Update for red hat jboss web server 3.1 service pack 11 (RHSA-2021:0489)
  • 330079 IBM AIX Multiple Vulnerabilities in Openssl (openssl_advisory32)
  • 357333 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502
  • 375337 IBM Spectrum Control Multiple Vulnerability(6415993)
  • 375482 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUAPR2021)
  • 375965 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUOCT2021)
  • 376033 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM), Local Traffic Man[...]
  • 376039 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K42910051)
  • 376911 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2020:0197)
  • 376918 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2021:0006)
  • 379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
  • 38846 Pulse Connect Secure and Pulse Policy Secure NULL Pointer Dereference (SA44676)
  • 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
  • 500496 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500564 Alpine Linux Security Update forOpen Secure Sockets Layer (OpenSSL)
  • 500763 Alpine Linux Security Update for openssl
  • 501163 Alpine Linux Security Update for openssl
  • 501420 Alpine Linux Security Update for libressl
  • 501982 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502901 Alpine Linux Security Update for openssl1.1-compat
  • 504255 Alpine Linux Security Update for openssl
  • 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
  • 610343 Google Pixel Android June 2021 Security Patch Missing
  • 610360 Google Android August 2021 Security Patch Missing for Samsung
  • 670196 EulerOS Security Update for openssl (EulerOS-SA-2021-1695)
  • 670197 EulerOS Security Update for openssl111d (EulerOS-SA-2021-1696)
  • 670784 EulerOS Security Update for shim (EulerOS-SA-2021-2542)
  • 670808 EulerOS Security Update for shim (EulerOS-SA-2021-2566)
  • 670846 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1160)
  • 670855 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1014)
  • 690151 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (56ba4513-a1be-11eb-9072-d4c9ef517024)
  • 690397 Free Berkeley Software Distribution (FreeBSD) Security Update for node.js (08b553ed-537a-11eb-be6e-0022489ad614)
  • 690403 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (1d56cfc5-3970-11eb-929d-d4c9ef517024)
  • 730118 Dell Unisphere for PowerMax Security Update for Multiple Third-Party Component Vulnerabilities
  • 730119 Dell Solutions Enabler Security Update for Multiple Third-Party Component Vulnerabilities
  • 750420 OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0082-1)
  • 750431 OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0065-1)
  • 750432 OpenSUSE Security Update for nodejs12 (openSUSE-SU-2021:0064-1)
  • 750484 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2020:2269-1)
  • 750491 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2020:2245-1)
  • 750495 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2020:2236-1)
  • 750498 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2020:2223-1)
  • 750690 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2020:3762-1)
  • 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
  • 900182 CBL-Mariner Linux Security Update for mysql 8.0.22
  • 903226 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (3881)
  • 91781 IBM Integration Bus and IBM App Connect Enterprise Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (6444817,6444819)
  • 91822 Microsoft Visual Studio Security Update for October 2021
  • 940259 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2020:5476)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report