
CVE-2020-1971

Description

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur, leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading, and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked.

Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h).
Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
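The affected and fixed ranges stated above can be checked against an inventory of `openssl version` banners. The following is an added example, not code from OpenSSL or from this database; the hostnames and banners are constructed, and the handling of two-letter suffixes such as `za` assumes they sort after `z`.

```python
import re

# Affected ranges as stated in the advisory text above:
# branch -> (last affected patch letter, first fixed release)
ADVISORY_RANGES = {
    "1.1.1": ("h", "1.1.1i"),
    "1.0.2": ("w", "1.0.2x"),
}

VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)\b")


def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(suffix), suffix)


def classify(banner):
    """Return (status, detail) for one `openssl version` banner string."""
    match = VERSION_RE.search(banner)
    if match is None:
        return ("unparsed", "no x.y.z version found")
    branch, letter = match.groups()
    if branch not in ADVISORY_RANGES:
        return ("not-covered", f"{branch} is not a branch the advisory assessed")
    last_affected, fixed_in = ADVISORY_RANGES[branch]
    if letter_rank(letter) <= letter_rank(last_affected):
        return ("affected", f"upgrade {branch}{letter} to {fixed_in} or later")
    return ("fixed", f"{branch}{letter} is at or past {fixed_in}")


def audit(inventory):
    """Map host -> status for a {host: banner} inventory."""
    return {host: classify(banner)[0] for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.1.1g  21 Apr 2020",
    "web-02": "OpenSSL 1.1.1i  8 Dec 2020",
    "legacy-01": "OpenSSL 1.0.2u  20 Dec 2019",
    "legacy-02": "OpenSSL 1.0.2za",
    "app-01": "OpenSSL 3.0.2 15 Mar 2022",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        status, detail = classify(banner)
        print(f"{host:10} {status:12} {detail}")
```

Distribution packages often backport fixes without changing the upstream version letter, so an "affected" result on a distribution build should be confirmed against the package changelog.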


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| openssl:openssl | openssl | 1.0.2x |
| openssl:openssl | openssl | 1.1.1i |
| debian:debian_linux | debian debian linux | 9.0 |
| debian:debian_linux | debian debian linux | 10.0 |
| fedoraproject:fedora | fedoraproject fedora | 32 |
| fedoraproject:fedora | fedoraproject fedora | 33 |
| oracle:api_gateway | oracle api gateway | 11.1.2.4.0 |
| oracle:peoplesoft_enterprise_peopletools | oracle peoplesoft enterprise peopletools | 8.56 |
| oracle:business_intelligence | oracle business intelligence | 12.2.1.3.0 |
| oracle:peoplesoft_enterprise_peopletools | oracle peoplesoft enterprise peopletools | 8.57 |
| oracle:jd_edwards_world_security | oracle jd edwards world security | a9.4 |
| oracle:business_intelligence | oracle business intelligence | 12.2.1.4.0 |
| oracle:enterprise_manager_base_platform | oracle enterprise manager base platform | 13.3.0.0 |
| oracle:business_intelligence | oracle business intelligence | 5.5.0.0.0 |
| oracle:peoplesoft_enterprise_peopletools | oracle peoplesoft enterprise peopletools | 8.58 |
| oracle:enterprise_manager_base_platform | oracle enterprise manager base platform | 13.4.0.0 |
| oracle:communications_session_router | oracle communications session router | cz8.2 |
| oracle:communications_session_router | oracle communications session router | cz8.3 |
| oracle:communications_subscriber-aware_load_balancer | oracle communications subscriber-aware load balancer | cz8.2 |
| oracle:communications_subscriber-aware_load_balancer | oracle communications subscriber-aware load balancer | cz8.3 |
| oracle:communications_subscriber-aware_load_balancer | oracle communications subscriber-aware load balancer | cz8.4 |
| oracle:communications_unified_session_manager | oracle communications unified session manager | scz8.2.5 |
| oracle:enterprise_communications_broker | oracle enterprise communications broker | pcz3.1 |
| oracle:enterprise_communications_broker | oracle enterprise communications broker | pcz3.2 |
| oracle:enterprise_communications_broker | oracle enterprise communications broker | pcz3.3 |
| oracle:enterprise_manager_for_storage_management | oracle enterprise manager for storage management | 13.4.0.0 |
| oracle:enterprise_manager_ops_center | oracle enterprise manager ops center | 12.4.0.0 |
| oracle:enterprise_session_border_controller | oracle enterprise session border controller | cz8.2 |
| oracle:enterprise_session_border_controller | oracle enterprise session border controller | cz8.3 |
| oracle:enterprise_session_border_controller | oracle enterprise session border controller | cz8.4 |
| oracle:essbase | oracle essbase | 21.2 |
| oracle:graalvm | oracle graalvm | 19.3.4 |
| oracle:graalvm | oracle graalvm | 20.3.0 |
| oracle:http_server | oracle http server | 12.2.1.4.0 |
| oracle:jd_edwards_enterpriseone_tools | oracle jd edwards enterpriseone tools | 9.2.5.3 |
| oracle:mysql | oracle mysql | 8.0.22 |
| oracle:business_intelligence | oracle business intelligence | 5.9.0.0.0 |
| oracle:communications_cloud_native_core_network_function_cloud_native_environment | oracle communications cloud native core network function cloud native environment | 1.10.0 |
| oracle:communications_diameter_intelligence_hub | oracle communications diameter intelligence hub | 8.1.0 |
| oracle:communications_diameter_intelligence_hub | oracle communications diameter intelligence hub | 8.2.3 |
| oracle:communications_session_border_controller | oracle communications session border controller | cz8.2 |
| oracle:communications_session_border_controller | oracle communications session border controller | cz8.3 |
| oracle:communications_session_border_controller | oracle communications session border controller | cz8.4 |
| oracle:communications_session_router | oracle communications session router | cz8.4 |
| oracle:mysql_server | oracle mysql server | 5.7.32 |
| oracle:mysql_server | oracle mysql server | 8.0.22 |
| netapp:santricity_smi-s_provider | netapp santricity smi-s provider | - |
| netapp:snapcenter | netapp snapcenter | - |
| netapp:oncommand_workflow_automation | netapp oncommand workflow automation | - |
| netapp:oncommand_insight | netapp oncommand insight | - |
| netapp:data_ontap | netapp data ontap | - |
| netapp:clustered_data_ontap_antivirus_connector | netapp clustered data ontap antivirus connector | - |
| netapp:solidfire | netapp solidfire | - |
| netapp:hci_management_node | netapp hci management node | - |
| netapp:hci_storage_node | netapp hci storage node | - |
| netapp:active_iq_unified_manager | netapp active iq unified manager | - |
| netapp:active_iq_unified_manager | netapp active iq unified manager | - |
| netapp:e-series_santricity_os_controller | netapp e-series santricity os controller | 11.60.3 |
| netapp:manageability_software_development_kit | netapp manageability software development kit | - |
| netapp:plug-in_for_symantec_netbackup | netapp plug-in for symantec netbackup | - |
| netapp:hci_compute_node | netapp hci compute node | - |
| netapp:ef600a_firmware | netapp ef600a firmware | - |
| netapp:aff_a250_firmware | netapp aff a250 firmware | - |
| tenable:log_correlation_engine | tenable log correlation engine | 6.0.9 |
| tenable:nessus_network_monitor | tenable nessus network monitor | 5.13.1 |
| siemens:sinec_infrastructure_network_services | siemens sinec infrastructure network services | 1.0.1.1 |

Related