CVE-2020-1971

medium

Description

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate

2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
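As an added example (not part of the advisory or of this page's source), the following Python check maps an `openssl version` banner onto the affected ranges stated above, including the letter-suffix ordering OpenSSL uses for patch releases. The function names and sample strings are constructed for illustration; distribution packages often backport the fix without changing the upstream version letter, so an "affected" result should be confirmed against the vendor advisory.

```python
import re
import ssl

# Last affected patch letter per branch, taken from the description above.
# The bare branch release (empty suffix) is affected as well.
LAST_AFFECTED = {
    (1, 0, 2): "w",  # fixed in 1.0.2x
    (1, 1, 1): "h",  # fixed in 1.1.1i
}

_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _letter_rank(letters):
    """Order patch suffixes: "" < "a" < ... < "z" < "za" < "zb" ..."""
    return (len(letters), letters)


def classify(version_text):
    """Classify an OpenSSL version string against the ranges in this entry.

    Returns 'affected', 'fixed', 'not-listed' (branch not covered by the
    description, which says other releases were not checked) or 'unparsed'.
    """
    match = _VERSION.search(version_text)
    if match is None:
        return "unparsed"
    branch = tuple(int(part) for part in match.group(1, 2, 3))
    suffix = match.group(4)
    if branch not in LAST_AFFECTED:
        return "not-listed"
    if _letter_rank(suffix) <= _letter_rank(LAST_AFFECTED[branch]):
        return "affected"
    return "fixed"


def local_status():
    """Classify the OpenSSL build that this Python interpreter is linked against."""
    return classify(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    # Constructed sample banners, followed by the local interpreter's library.
    for banner in ("OpenSSL 1.1.1h  22 Sep 2020", "OpenSSL 1.1.1i  8 Dec 2020",
                   "1.0.2w", "1.0.2x", "1.0.2za", "OpenSSL 1.1.0l"):
        print(f"{banner!r:35} -> {classify(banner)}")
    print(f"{ssl.OPENSSL_VERSION!r} -> {local_status()}")
```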

References

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920

https://www.openssl.org/news/secadv/20201208.txt

https://www.debian.org/security/2020/dsa-4807

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc

https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html

https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/

https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E

https://security.netapp.com/advisory/ntap-20201218-0005/

https://lists.fedoraproject.org/archives/list/[email protected]/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/

https://www.tenable.com/security/tns-2020-11

https://security.gentoo.org/glsa/202012-13

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676

https://www.oracle.com/security-alerts/cpujan2021.html

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://www.tenable.com/security/tns-2021-09

https://security.netapp.com/advisory/ntap-20210513-0002/

https://www.tenable.com/security/tns-2021-10

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2020-12-08

Updated: 2021-07-20

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.0.2 to 1.0.2w (inclusive)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.1.1 to 1.1.1h (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 8.0.22 (inclusive)

Configuration 5

OR

cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from 11.0.0 to 11.60.3 (inclusive)

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:ef600a:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*

Tenable Plugins

View all (88 total)

ID | Name | Product | Family | Severity
151903 | Oracle Enterprise Manager Cloud Control (Jul 2021 CPU) | Nessus | Misc. | critical
151385 | EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2021-2154) | Nessus | Huawei Local Security Checks | high
150634 | SUSE SLES11 Security Update : openssl1 (SUSE-SU-2020:14560-1) | Nessus | SuSE Local Security Checks | medium
150475 | OracleVM 3.4 : openssl (OVMSA-2021-0011) | Nessus | OracleVM Local Security Checks | medium
150416 | Oracle MySQL Workbench < 8.0.23 Multiple Vulnertabilities (Jan 2021) | Nessus | Windows | high
150139 | Tenable Log Correlation Engine (LCE) < 6.0.9 (TNS-2021-10) | Nessus | Misc. | medium
149403 | Nessus Network Monitor < 5.13.1 Multiple Vulnerabilities (TNS-2021-09) | Nessus | Misc. | high
148980 | Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | Misc. | critical
148912 | Oracle Enterprise Manager Ops Center (Apr 2021 CPU) | Nessus | Misc. | high
148869 | FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024) | Nessus | FreeBSD Local Security Checks | high
148383 | Oracle Linux 7 : openssl (ELSA-2021-9121) (deprecated) | Nessus | Oracle Linux Local Security Checks | medium
148357 | Photon OS 4.0: Mysql PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high
148258 | Oracle Linux 6 : openssl (ELSA-2021-9150) (deprecated) | Nessus | Oracle Linux Local Security Checks | medium
148133 | Oracle Linux 6 : openssl (ELSA-2021-9137) | Nessus | Oracle Linux Local Security Checks | medium
148074 | EulerOS 2.0 SP5 : openssl (EulerOS-SA-2021-1695) | Nessus | Huawei Local Security Checks | medium
148069 | EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2021-1696) | Nessus | Huawei Local Security Checks | medium
147668 | EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2021-1637) | Nessus | Huawei Local Security Checks | medium
147580 | EulerOS Virtualization 3.0.2.6 : openssl (EulerOS-SA-2021-1418) | Nessus | Huawei Local Security Checks | medium
147550 | EulerOS Virtualization 2.9.1 : nss (EulerOS-SA-2021-1615) | Nessus | Huawei Local Security Checks | critical
147537 | EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2021-1619) | Nessus | Huawei Local Security Checks | high
147480 | EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2021-1376) | Nessus | Huawei Local Security Checks | medium
147279 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Vulnerability (NS-SA-2021-0020) | Nessus | NewStart CGSL Local Security Checks | medium
147241 | NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2021-0086) | Nessus | NewStart CGSL Local Security Checks | medium
147102 | EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2021-1505) | Nessus | Huawei Local Security Checks | medium
147063 | EulerOS Virtualization for ARM 64 3.0.6.0 : openssl (EulerOS-SA-2021-1549) | Nessus | Huawei Local Security Checks | medium
146692 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2021-1338) | Nessus | Huawei Local Security Checks | medium
146682 | EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2021-1339) | Nessus | Huawei Local Security Checks | medium
146434 | RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 (RHSA-2021:0486) | Nessus | Red Hat Local Security Checks | medium
146432 | RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 11 (RHSA-2021:0489) | Nessus | Red Hat Local Security Checks | medium
146431 | RHEL 7 / 8 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494) | Nessus | Red Hat Local Security Checks | high
145892 | CentOS 8 : openssl (CESA-2020:5476) | Nessus | CentOS Local Security Checks | medium
145779 | EulerOS 2.0 SP8 : openssl (EulerOS-SA-2021-1160) | Nessus | Huawei Local Security Checks | medium
145398 | openSUSE Security Update : nodejs10 (openSUSE-2021-82) | Nessus | SuSE Local Security Checks | high
145371 | openSUSE Security Update : nodejs12 (openSUSE-2021-64) | Nessus | SuSE Local Security Checks | high
145353 | openSUSE Security Update : openssl-1_0_0 (openSUSE-2020-2269) | Nessus | SuSE Local Security Checks | medium
145351 | openSUSE Security Update : openssl-1_1 (openSUSE-2020-2245) | Nessus | SuSE Local Security Checks | medium
145299 | openSUSE Security Update : nodejs10 (openSUSE-2021-65) | Nessus | SuSE Local Security Checks | high
145251 | MySQL 8.0.x < 8.0.23 Multiple Vulnerabilities (Jan 2021 CPU) | Nessus | Databases | medium
145247 | MySQL 5.7.x < 5.7.33 Multiple Vulnerabilities (Jan 2021 CPU) | Nessus | Databases | medium
145130 | EulerOS 2.0 SP3 : openssl (EulerOS-SA-2021-1104) | Nessus | Huawei Local Security Checks | medium
145024 | FreeBSD : Node.js -- January 2021 Security Releases (08b553ed-537a-11eb-be6e-0022489ad614) | Nessus | FreeBSD Local Security Checks | high
144971 | CentOS 7 : openssl (CESA-2020:5566) | Nessus | CentOS Local Security Checks | medium
144949 | Node.js 10.x < 10.23.1 / 12.x < 12.20.1 / 14.x < 14.15.4 / 15.x < 15.5.1 Multiple Vulnerabilities | Nessus | Misc. | high
144921 | SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:0062-1) | Nessus | SuSE Local Security Checks | high
144917 | SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:0068-1) | Nessus | SuSE Local Security Checks | high
144912 | SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:0082-1) | Nessus | SuSE Local Security Checks | high
144911 | SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:0060-1) | Nessus | SuSE Local Security Checks | high
144700 | EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1033) | Nessus | Huawei Local Security Checks | medium
144665 | EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1014) | Nessus | Huawei Local Security Checks | medium
144604 | RHEL 8 : openssl (RHSA-2020:5637) | Nessus | Red Hat Local Security Checks | medium
144592 | GLSA-202012-13 : OpenSSL: Denial of service | Nessus | Gentoo Local Security Checks | medium
144584 | Tenable SecurityCenter < 5.17.0 Multiple Vulnerabilities (TNS-2020-11) | Nessus | Misc. | high
144510 | RHEL 7 : openssl (RHSA-2020:5642) | Nessus | Red Hat Local Security Checks | medium
144507 | RHEL 7 : openssl (RHSA-2020:5641) | Nessus | Red Hat Local Security Checks | medium
144506 | RHEL 7 : openssl (RHSA-2020:5640) | Nessus | Red Hat Local Security Checks | medium
144505 | RHEL 7 : openssl (RHSA-2020:5639) | Nessus | Red Hat Local Security Checks | medium
144486 | Fedora 32 : 1:openssl (2020-a31b01e945) | Nessus | Fedora Local Security Checks | medium
144411 | RHEL 7 : openssl (RHSA-2020:5623) | Nessus | Red Hat Local Security Checks | medium
144394 | RHEL 8 : openssl (RHSA-2020:5588) | Nessus | Red Hat Local Security Checks | medium
144380 | RHEL 8 : openssl (RHSA-2020:5476) | Nessus | Red Hat Local Security Checks | medium
144378 | RHEL 7 : openssl (RHSA-2020:5566) | Nessus | Red Hat Local Security Checks | medium
144369 | Scientific Linux Security Update : openssl on SL7.x i686/x86_64 (2020:5566) | Nessus | Scientific Linux Local Security Checks | medium
144339 | Oracle Linux 7 : ELSA-2020-5566-1: / openssl (ELSA-2020-55661) | Nessus | Oracle Linux Local Security Checks | medium
144338 | Oracle Linux 8 : openssl (ELSA-2020-5476) | Nessus | Oracle Linux Local Security Checks | medium
144323 | Fedora 33 : 1:openssl (2020-ef1870065a) | Nessus | Fedora Local Security Checks | medium
144317 | openSUSE Security Update : openssl-1_1 (openSUSE-2020-2223) | Nessus | SuSE Local Security Checks | medium
144309 | openSUSE Security Update : openssl-1_0_0 (openSUSE-2020-2236) | Nessus | SuSE Local Security Checks | medium
144276 | RHEL 8 : openssl (RHSA-2020:5422) | Nessus | Red Hat Local Security Checks | medium
144264 | Debian DLA-2492-1 : openssl security update | Nessus | Debian Local Security Checks | medium
144262 | Debian DLA-2493-1 : openssl1.0 security update | Nessus | Debian Local Security Checks | medium
144171 | SUSE SLES12 Security Update : openssl (SUSE-SU-2020:3763-1) | Nessus | SuSE Local Security Checks | medium
144137 | SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2020:3762-1) | Nessus | SuSE Local Security Checks | medium
144095 | SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2020:3740-1) | Nessus | SuSE Local Security Checks | medium
144077 | Photon OS 3.0: Nxtgn PHSA-2020-3.0-0175 | Nessus | PhotonOS Local Security Checks | medium
144076 | Photon OS 3.0: Openssl PHSA-2020-3.0-0175 | Nessus | PhotonOS Local Security Checks | medium
144071 | Photon OS 2.0: Openssl PHSA-2020-2.0-0304 | Nessus | PhotonOS Local Security Checks | medium
144061 | Photon OS 1.0: Openssl PHSA-2020-1.0-0345 | Nessus | PhotonOS Local Security Checks | medium
144053 | OpenSSL 1.0.2 < 1.0.2x Null Pointer Dereference Vulnerability | Nessus | Web Servers | medium
144047 | OpenSSL 1.1.1 < 1.1.1i Null Pointer Dereference Vulnerability | Nessus | Web Servers | medium
144046 | SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2020:3732-1) | Nessus | SuSE Local Security Checks | medium
143887 | Amazon Linux AMI : openssl (ALAS-2020-1456) | Nessus | Amazon Linux Local Security Checks | medium
143821 | SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:3720-1) | Nessus | SuSE Local Security Checks | medium
143729 | SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:3721-1) | Nessus | SuSE Local Security Checks | medium
143669 | SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:3722-1) | Nessus | SuSE Local Security Checks | medium
143593 | Debian DSA-4807-1 : openssl - security update | Nessus | Debian Local Security Checks | medium
143591 | FreeBSD : OpenSSL -- NULL pointer de-reference (1d56cfc5-3970-11eb-929d-d4c9ef517024) | Nessus | FreeBSD Local Security Checks | medium
143587 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenSSL vulnerability (USN-4662-1) | Nessus | Ubuntu Local Security Checks | medium
143578 | Amazon Linux 2 : openssl (ALAS-2020-1573) | Nessus | Amazon Linux Local Security Checks | medium