Vulnerability Details : CVE-2020-1971
Potential exploit
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
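An added example (not part of the original entry and not OpenSSL project code): classifying the output of `openssl version` against the affected and fixed ranges stated above. The function names and the sample version strings are constructed for illustration.

```python
import re

# First fixed letter release per branch, as stated in the description above:
# 1.1.1-1.1.1h affected (fixed in 1.1.1i), 1.0.2-1.0.2w affected (fixed in 1.0.2x).
FIRST_FIXED = {"1.1.1": "i", "1.0.2": "x"}

# Matches "1.1.1h" in "OpenSSL 1.1.1h  22 Sep 2020" and "1.0.2k" in "1.0.2k-fips".
_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)\b")


def parse_version(text):
    """Return (branch, letter_suffix), e.g. ('1.1.1', 'h')."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError("no OpenSSL-style version found in %r" % text)
    return match.group(1), match.group(2)


def _letter_key(suffix):
    # Letter releases sort as '', a..z, za, zb, ...: shorter suffix first,
    # then alphabetical order within the same length.
    return (len(suffix), suffix)


def status(text):
    """Classify a version string as 'affected', 'fixed' or 'not-assessed'."""
    branch, suffix = parse_version(text)
    fixed = FIRST_FIXED.get(branch)
    if fixed is None:
        # The description only covers the 1.1.1 and 1.0.2 branches.
        return "not-assessed"
    return "affected" if _letter_key(suffix) < _letter_key(fixed) else "fixed"


# Constructed sample inputs in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 1.1.1h  22 Sep 2020",
    "OpenSSL 1.1.1i  8 Dec 2020",
    "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "OpenSSL 3.0.2 15 Mar 2022",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("%-36s %s" % (line, status(line)))
```

The check looks only at the upstream version string. Distribution packages may carry a backported fix without changing the letter suffix, so an "affected" result on a vendor build should be confirmed against the vendor advisory listed in the references.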
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2020-1971
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
- Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.10.0 cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
- Oracle » Communications Diameter Intelligence Hub » Versions from including (>=) 8.0.0 and up to, including, (<=) 8.1.0 cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
- Oracle » Communications Diameter Intelligence Hub » Versions from including (>=) 8.2.0 and up to, including, (<=) 8.2.3 cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
- Netapp » E-series Santricity Os Controller » Versions from including (>=) 11.0.0 and up to, including, (<=) 11.60.3 cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1971
EPSS score: 1.35% (probability of exploitation activity in the next 30 days)
Percentile: ~ 86 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-1971
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2020-1971
- The product dereferences a pointer that it expects to be valid but is NULL. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-1971
- https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported. - Pony Mail (Third Party Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
  git.openssl.org Git
- https://www.tenable.com/security/tns-2021-10
  [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2022.html
  Oracle Critical Patch Update Advisory - April 2022 (Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
  [SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html
  Oracle Critical Patch Update Advisory - July 2021 (Patch; Third Party Advisory)
- https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported. - Apache Mail Archives
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920
  git.openssl.org Git
- https://www.tenable.com/security/tns-2021-09
  [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/09/14/2
  oss-security - Re: Oracle Solaris membership in the distros list (Mailing List; Third Party Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920
  (Patch; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html
  [SECURITY] [DLA 2492-1] openssl security update (Mailing List; Third Party Advisory)
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
  Pulse Security Advisory: SA44676 - December 08 2020 OpenSSL Security Advisory (Third Party Advisory)
- https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E
  [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40. - Apache Mail Archives
- https://www.oracle.com/security-alerts/cpujan2021.html
  Oracle Critical Patch Update Advisory - January 2021 (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html
  Oracle Critical Patch Update Advisory - April 2021 (Patch; Third Party Advisory)
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
  (Broken Link)
- https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E
  Pony Mail! (Mailing List; Third Party Advisory)
- https://www.tenable.com/security/tns-2020-11
  [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210513-0002/
  April 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20201218-0005/
  CVE-2020-1971 OpenSSL Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20240621-0006/
  February 2024 IBM Cognos Analytics Vulnerabilities in NetApp Products | NetApp Product Security
- https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html
  [SECURITY] [DLA 2493-1] openssl1.0 security update (Mailing List; Third Party Advisory)
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc
  (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html
  Oracle Critical Patch Update Advisory - October 2021 (Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4807
  (Third Party Advisory)
- https://www.openssl.org/news/secadv/20201208.txt
  (Vendor Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
  (Third Party Advisory)
- https://security.gentoo.org/glsa/202012-13
  OpenSSL: Denial of service (GLSA 202012-13) — Gentoo security (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
  [SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
  [SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
  [SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists