Home > Vulnerability Database > CVE-2020-1971

Mend.io Vulnerability Database

CVE-2020-1971

Good to know:

Date: December 8, 2020

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Language: C

Severity Score

8.8

Related Resources (31)

Url: https://www.openssl.org/news/secadv/20201208.txt

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-1971

Url: https://www.oracle.com/security-alerts/cpuApr2021.html

Url: https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html

Url: https://security.netapp.com/advisory/ntap-20201218-0005/

Url: https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E

Url: https://www.tenable.com/security/tns-2020-11

Url: https://security.gentoo.org/glsa/202012-13

Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Url: https://www.oracle.com/security-alerts/cpujan2021.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1971

Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Url: https://security.alpinelinux.org/vuln/CVE-2020-1971

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://www.debian.org/security/2020/dsa-4807

Url: https://www.oracle.com/security-alerts/cpuoct2021.html

Url: https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/

Url: https://security.netapp.com/advisory/ntap-20210513-0002/

Url: https://www.tenable.com/security/tns-2021-10

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/

Url: https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html

Url: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676

Url: https://www.tenable.com/security/tns-2021-09

Url: https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Url: https://www.oracle.com//security-alerts/cpujul2021.html

Url: https://access.redhat.com/security/cve/CVE-2020-1971

Url: https://security-tracker.debian.org/tracker/CVE-2020-1971

Url: http://www.openwall.com/lists/oss-security/2021/09/14/2

Url: https://www.mend.io/vulnerability-database/CVE-2020-1971

Severity Score

8.8

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version 1.0.2x,1.1.1i

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-1971

Good to know:

Date: December 8, 2020

Language: C

Severity Score

Related Resources (31)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?