CVE-2020-1971
Description
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSLs s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSLs parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.329
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Mysql 8.0.22 | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.5 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 1.1.1 | Windows |
| Vulnerabilities CVE-2020-1971 are fixed in Duo Security Authentication Proxy (5.5.0) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 12 (x64) (12.20.1) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 12 (12.20.1) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 14 (x64) (14.15.4) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 14 (14.15.4) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 10 (x64) (10.23.1) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 10 (10.23.1) | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 15.5.1 | Windows |
| Vulnerabilities CVE-2020-8265,CVE-2020-8287,CVE-2020-1971 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Nessus Agent (8.2.2.20039) | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Nessus Agent (x64) (8.2.2.20039) | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Community 2017 15.9.40 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Enterprise 2017 15.9.40 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Professional 2017 15.9.40 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Community 2019 16.9.12 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Community 2019 16.7.20 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Community 2019 16.4.27 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Community 2019 16.11.5 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Enterprise 2019 16.9.12 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Enterprise 2019 16.7.20 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Enterprise 2019 16.4.27 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Enterprise 2019 16.11.5 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Professional 2019 16.9.12 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Professional 2019 16.7.20 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450 are fixed in Microsoft Visual Studio Professional 2019 16.4.27 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2021-3449,CVE-2021-3450,CVE-2021-41355 are fixed in Microsoft Visual Studio Professional 2019 16.11.5 | Windows |
| Vulnerabilities CVE-2020-1971 are fixed in Duo Security Authentication Proxy (5.4.1) | Windows |
| Vulnerabilities CVE-2020-1971 are fixed in Duo Security Authentication Proxy (5.4.0) | Windows |
| Multiple vulnerabilities are affected in Mysql 5.7.32 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2022-0778 are fixed in Duo Security Authentication Proxy (5.5.0) | Windows |
| Vulnerabilities CVE-2020-1971 are fixed in Duo Security Authentication Proxy (5.3.1) | Windows |
| Vulnerabilities CVE-2020-13871,CVE-2020-1971 are affected in MySQL Workbench Enterprise Edition 8.0.22 | Windows |
| Vulnerabilities CVE-2020-13871,CVE-2020-1971 are affected in MySQL Workbench CE (x64) 8.0.22 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2022-0778,CVE-2022-21712 are fixed in Duo Security Authentication Proxy (5.5.0) | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2022-0778 are fixed in Duo Security Authentication Proxy (5.4.1) | Windows |
| Vulnerabilities CVE-2020-1971 are fixed in Duo Security Authentication Proxy (5.3.0) | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Nessus 8.13.1 | Windows |
| Vulnerabilities CVE-2020-1971,CVE-2020-1967 are fixed in Tenable Nessus 8.13.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in Nessus Network Monitor 5.13.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0 | Windows |
| openssl security update(DSA-4807-1) openssl_1.1.1d-0+deb10u4_i386.deb | Linux |
| openssl security update(DSA-4807-1) openssl_1.1.1d-0+deb10u4_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.1_1.1.1f-1ubuntu2.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.1_1.1.1f-1ubuntu2.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.1_1.1.1f-1ubuntu4.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.1_1.1.1f-1ubuntu4.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.7_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.7_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.0.0_1.0.2n-1ubuntu5.5_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.0.0_1.0.2n-1ubuntu5.5_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.0.0_1.0.2g-1ubuntu4.18_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4662-1) libssl1.0.0_1.0.2g-1ubuntu4.18_amd64.deb | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl-1_0_0-devel-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_0_0-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_0_0-32bit-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_0_0-debuginfo-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_0_0-hmac-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_0_0-hmac-32bit-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_0_0-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_0_0-debuginfo-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_0_0-debugsource-1.0.2p-3.30.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3732-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_0_0-doc-1.0.2p-3.30.1.noarch.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-1.1.1g-12.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-debugsource-1.1.1g-12.el8_3.i686.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-debugsource-1.1.1g-12.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-devel-1.1.1g-12.el8_3.i686.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-devel-1.1.1g-12.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-libs-1.1.1g-12.el8_3.i686.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-libs-1.1.1g-12.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5476) openssl security and bug fix update openssl-perl-1.1.1g-12.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-devel-1.0.2k-21.el7_9.i686.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-devel-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-libs-1.0.2k-21.el7_9.i686.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-libs-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-perl-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-static-1.0.2k-21.el7_9.i686.rpm | Linux |
| (RHSA-2020:5566) openssl security update openssl-static-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Openssl update (ELSA-2020-5566-1) openssl-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2020-5566-1) openssl-devel-1.0.2k-21.el7_9.i686.rpm | Linux |
| Openssl-devel update (ELSA-2020-5566-1) openssl-devel-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2020-5566-1) openssl-libs-1.0.2k-21.el7_9.i686.rpm | Linux |
| Openssl-libs update (ELSA-2020-5566-1) openssl-libs-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2020-5566-1) openssl-perl-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Openssl-static update (ELSA-2020-5566-1) openssl-static-1.0.2k-21.el7_9.i686.rpm | Linux |
| Openssl-static update (ELSA-2020-5566-1) openssl-static-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Openssl update (ELSA-2021-9137) openssl-1.0.1e-59.0.1.el6_10.i686.rpm | Linux |
| Openssl update (ELSA-2021-9137) openssl-1.0.1e-59.0.1.el6_10.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2021-9137) openssl-devel-1.0.1e-59.0.1.el6_10.i686.rpm | Linux |
| Openssl-devel update (ELSA-2021-9137) openssl-devel-1.0.1e-59.0.1.el6_10.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2021-9137) openssl-perl-1.0.1e-59.0.1.el6_10.i686.rpm | Linux |
| Openssl-perl update (ELSA-2021-9137) openssl-perl-1.0.1e-59.0.1.el6_10.x86_64.rpm | Linux |
| Openssl-static update (ELSA-2021-9137) openssl-static-1.0.1e-59.0.1.el6_10.i686.rpm | Linux |
| Openssl-static update (ELSA-2021-9137) openssl-static-1.0.1e-59.0.1.el6_10.x86_64.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-devel-1.0.2k-21.el7_9.i686.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-devel-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-libs-1.0.2k-21.el7_9.i686.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-libs-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-perl-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-static-1.0.2k-21.el7_9.i686.rpm | Linux |
| (CESA-2020:5566) openssl security update openssl-static-1.0.2k-21.el7_9.x86_64.rpm | Linux |
| Multiple Vulnerabilities are affected in Mysql 8.0.22 (For Linux) | Linux |
| Multiple Vulnerabilities are affected in Mysql 8.0.5 (For Linux) | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4745-1) libssl1.0.0_1.0.1-4ubuntu5.45_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4745-1) libssl1.0.0_1.0.1-4ubuntu5.45_amd64.deb | Linux |
| NULL Pointer Dereference Vulnerability (CVE-2020-1971) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-331885 | Duo Security Authentication Proxy (6.0.2) |
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-317847 | Node.js 14 (x64) (14.15.4) |
| PATCH-317845 | Node.js 14 (14.15.4) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-337447 | Nessus Agent (10.6.1) |
| PATCH-337448 | Nessus Agent (x64) (10.6.1) |
| PATCH-338054 | Duo Security Authentication Proxy (6.4.0) |
| PATCH-338227 | Duo Security Authentication Proxy (6.4.1) |
| PATCH-342393 | Duo Security Authentication Proxy (6.4.2) |
| PATCH-342393 | Duo Security Authentication Proxy (6.4.2) |
| PATCH-347137 | MySQL Workbench CE (x64) (8.0.42) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234