CVE-2020-1971 (CNNVD-202012-579)

MEDIUM
中文标题:
OpenSSL 代码问题漏洞
英文标题:
EDIPARTYNAME NULL pointer dereference
CVSS分数: 5.9
发布时间: 2020-12-08 15:30:16
漏洞类型: 代码问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.1.1版本和1.0.2版本存在代码问题漏洞,该漏洞源于空指针解引用和崩溃可能会导致拒绝服务攻击。

英文描述:

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

CWE类型:
CWE-476
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
OpenSSL OpenSSL Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.1.1i_(affected_1.1.1-1.1.1h):*:*:*:*:*:*:*
OpenSSL OpenSSL Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.0.2x_(affected_1.0.2-1.0.2w):*:*:*:*:*:*:*
openssl openssl * - - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
debian debian_linux 9.0 - - cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 - - cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
fedoraproject fedora 32 - - cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraproject fedora 33 - - cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
oracle api_gateway 11.1.2.4.0 - - cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
oracle business_intelligence 5.5.0.0.0 - - cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
oracle business_intelligence 5.9.0.0.0 - - cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
oracle business_intelligence 12.2.1.3.0 - - cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
oracle business_intelligence 12.2.1.4.0 - - cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
oracle communications_diameter_intelligence_hub * - - cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oracle communications_session_border_controller cz8.2 - - cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*
oracle communications_session_border_controller cz8.3 - - cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*
oracle communications_session_border_controller cz8.4 - - cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*
oracle communications_session_router cz8.2 - - cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*
oracle communications_session_router cz8.3 - - cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*
oracle communications_session_router cz8.4 - - cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*
oracle communications_subscriber-aware_load_balancer cz8.2 - - cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*
oracle communications_subscriber-aware_load_balancer cz8.3 - - cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*
oracle communications_subscriber-aware_load_balancer cz8.4 - - cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*
oracle communications_unified_session_manager scz8.2.5 - - cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*
oracle enterprise_communications_broker pcz3.1 - - cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*
oracle enterprise_communications_broker pcz3.2 - - cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*
oracle enterprise_communications_broker pcz3.3 - - cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.3.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.4.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_for_storage_management 13.4.0.0 - - cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_ops_center 12.4.0.0 - - cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
oracle enterprise_session_border_controller cz8.2 - - cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*
oracle enterprise_session_border_controller cz8.3 - - cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*
oracle enterprise_session_border_controller cz8.4 - - cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*
oracle essbase 21.2 - - cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
oracle graalvm 19.3.4 - - cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
oracle graalvm 20.3.0 - - cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
oracle http_server 12.2.1.4.0 - - cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools * - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oracle jd_edwards_world_security a9.4 - - cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
oracle mysql * - - cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
oracle mysql_server * - - cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.56 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
netapp active_iq_unified_manager - - - cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netapp clustered_data_ontap_antivirus_connector - - - cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
netapp data_ontap - - - cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
netapp e-series_santricity_os_controller * - - cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapp hci_management_node - - - cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netapp manageability_software_development_kit - - - cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
netapp oncommand_insight - - - cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapp oncommand_workflow_automation - - - cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netapp plug-in_for_symantec_netbackup - - - cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
netapp santricity_smi-s_provider - - - cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
netapp snapcenter - - - cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netapp solidfire - - - cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapp hci_compute_node - - - cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
netapp hci_storage_node - - - cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
netapp ef600a_firmware - - - cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*
netapp aff_a250_firmware - - - cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
tenable log_correlation_engine * - - cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*
tenable nessus_network_monitor * - - cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
siemens sinec_infrastructure_network_services * - - cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
nodejs node.js * - - cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
DSA-4807 vendor-advisory
cve.org
访问
FreeBSD-SA-20:33 vendor-advisory
cve.org
访问
[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update mailing-list
cve.org
访问
[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update mailing-list
cve.org
访问
FEDORA-2020-ef1870065a vendor-advisory
cve.org
访问
[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported. mailing-list
cve.org
访问
FEDORA-2020-a31b01e945 vendor-advisory
cve.org
访问
GLSA-202012-13 vendor-advisory
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40. mailing-list
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
[oss-security] 20210914 Re: Oracle Solaris membership in the distros list mailing-list
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
CVSS评分详情
5.9
MEDIUM
CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS版本: 3.1
机密性
NONE
完整性
NONE
可用性
HIGH
时间信息
发布时间:
2020-12-08 15:30:16
修改时间:
2024-09-17 02:57:20
创建时间:
2025-11-11 15:36:09
更新时间:
2025-11-11 15:56:33
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2020-1971 2025-11-11 15:20:28 2025-11-11 07:36:09
NVD nvd_CVE-2020-1971 2025-11-11 14:57:06 2025-11-11 07:44:35
CNNVD cnnvd_CNNVD-202012-579 2025-11-11 15:10:32 2025-11-11 07:56:33
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:56:33
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-202012-579; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码问题
  • cnnvd_id: 未提取 -> CNNVD-202012-579
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:44:35
cvss_score: 未提取 → 5.9; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 2 → 65; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • cvss_score: 未提取 -> 5.9
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • cvss_version: NOT_EXTRACTED -> 3.1
  • affected_products_count: 2 -> 65
  • data_sources: ['cve'] -> ['cve', 'nvd']