exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

CVE-2020-1971

Status Candidate

Overview

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Related Files

Red Hat Security Advisory 2021-1079-01
Posted Apr 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1079-01 - Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Data exposure issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-14422, CVE-2020-15999, CVE-2020-1971, CVE-2020-5313
SHA-256 | a0673c02c767215a0535af311644e98d31b6956c4e2cc33033d2203fa50abe65
Red Hat Security Advisory 2021-1129-01
Posted Apr 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1129-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19126, CVE-2019-19532, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-0427, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-14040, CVE-2020-14351, CVE-2020-1971
SHA-256 | 080546fe1bfc5e278c82d7414e75a36e9df9b89d827f78304ae6390c7b762f52
Red Hat Security Advisory 2021-0949-01
Posted Mar 22, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0949-01 - Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image that is used as part of the InitContainer setup that provisions odo components.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-1971, CVE-2020-6829, CVE-2020-7595, CVE-2020-8177
SHA-256 | 0f1e14fcd33ae341ac5a449e63f1c5aaf2d67016bb8f8bf52669a3ae8351010d
Red Hat Security Advisory 2021-0778-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971
SHA-256 | b36485939bcc96f4f05a1b61fcc6c6e3aefa7b635d0f1eb06d546cdccf61da2a
Ubuntu Security Notice USN-4745-1
Posted Feb 24, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4745-1 - David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1971, CVE-2021-23841
SHA-256 | 594943b8b44945ac34249f81d528339b7a0f2254e67a4e5d515bb1a700ce41c6
Red Hat Security Advisory 2021-0495-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0495-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4.1 serves as a replacement for Red Hat JBoss Web Server 5.4.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include information leakage and null pointer vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-13943, CVE-2020-17527, CVE-2020-1971, CVE-2021-24122
SHA-256 | 509af1d66234eeb0b945b2480eb44b7ab50abe8dbfb702cd95c57736319e552b
Red Hat Security Advisory 2021-0494-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0494-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4.1 serves as a replacement for Red Hat JBoss Web Server 5.4.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include information leakage and null pointer vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-13943, CVE-2020-17527, CVE-2020-1971, CVE-2021-24122
SHA-256 | 1ce6ce10981c92ecfd2b190416f912213353234425c047f7f03ebe8cae8093d3
Red Hat Security Advisory 2021-0491-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0491-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 11 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a null pointer vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | c3379ab9a117abe29d53d392163c491e114d7a9fd1909a7d4bf216974ecc360c
Red Hat Security Advisory 2021-0489-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0489-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 11 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a null pointer vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | a945ce31cc7b279b0c850f7a926f2d2282fbe9067693ba741b3aa6b34abba1fe
Red Hat Security Advisory 2021-0488-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0488-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Issues addressed include a null pointer vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | fb1cf902853d367b655b03bfff146db5836033f18cf8a6aa748e54b1b7a8ea94
Red Hat Security Advisory 2021-0486-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0486-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Issues addressed include a null pointer vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 70a9190493201fc49a86dd51df355a7c71f6906fb4de3bc80814b00dd3856cbb
Red Hat Security Advisory 2021-0187-01
Posted Jan 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0187-01 - Red Hat OpenShift Virtualization release 2.5.3 is now available with updates to packages and images that fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-12321, CVE-2020-16166, CVE-2020-1971, CVE-2020-27813, CVE-2020-8177
SHA-256 | 6752d6aee6eb90952e29ab881c718aec2f43fd736f5e086a59073f307f14c18c
Red Hat Security Advisory 2021-0037-01
Posted Jan 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0037-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.12.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13249, CVE-2020-1971, CVE-2020-2304, CVE-2020-2305, CVE-2020-2306, CVE-2020-2307, CVE-2020-2308, CVE-2020-2309, CVE-2020-25641, CVE-2020-25694, CVE-2020-25696, CVE-2020-2574, CVE-2020-2752, CVE-2020-28362, CVE-2020-2922, CVE-2020-8177, CVE-2020-8566
SHA-256 | c5836efc75c1930c25244b69128f20f0fad78d2ba1366c08232c2de9ec5d3b20
Red Hat Security Advisory 2021-0039-01
Posted Jan 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0039-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-1971, CVE-2020-2304, CVE-2020-2305, CVE-2020-2306, CVE-2020-2307, CVE-2020-2308, CVE-2020-2309, CVE-2020-25641, CVE-2020-28362, CVE-2020-8177
SHA-256 | 5e7dabe039c755a21129572b09b2ca4903e4baa8a0054b743ad559e7f91458e5
Red Hat Security Advisory 2021-0146-01
Posted Jan 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0146-01 - Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-13050, CVE-2019-13627, CVE-2019-14889, CVE-2019-15903, CVE-2019-16168, CVE-2019-19221, CVE-2019-19906, CVE-2019-19956, CVE-2019-20218, CVE-2019-20387, CVE-2019-20388, CVE-2019-20454, CVE-2019-5018, CVE-2020-10029, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-1730, CVE-2020-1751, CVE-2020-1752, CVE-2020-1971, CVE-2020-24553, CVE-2020-24659, CVE-2020-28362, CVE-2020-28366, CVE-2020-28367
SHA-256 | a86c00be6acf79cfc141fb047b2a8d856fd69b40c660eaa8ec6d9b8a5a91d313
Red Hat Security Advisory 2021-0083-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0083-01 - The rhceph-4.2 image is based on Red Hat Ceph Storage 4.2 and Red Hat Enterprise Linux. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379, CVE-2020-1971, CVE-2020-24659
SHA-256 | e943336edc5347bcba6786ff67a9a3dc7132f73006690c613ae8589772698114
Red Hat Security Advisory 2021-0056-01
Posted Jan 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0056-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 7bad1e43f85253c81cdfdaa40e8c63abfa1d054fcfe190a73cafca783540103d
Debian Security Advisory 4807-1
Posted Dec 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4807-1 - David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2020-1971
SHA-256 | 301c7963e0154712e1745c9d2397ec887def5b0060c1cc740ed144f687109534
Gentoo Linux Security Advisory 202012-13
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-13 - A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1i are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2020-1971
SHA-256 | 09e5b24d63f4ea0a050e578a37335da92e11ede695aad3cf7d56ff726f941130
Red Hat Security Advisory 2020-5614-01
Posted Dec 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15862, CVE-2020-16166, CVE-2020-1971, CVE-2020-27836, CVE-2020-8177
SHA-256 | 778636deea731ea550688f490618437a9bec01f6c8696ff1bfdd7d6d0b4746ba
Red Hat Security Advisory 2020-5642-01
Posted Dec 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5642-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 19073a88a750625285fe5f97b46fc61f1a4c8ceb3b7cc90bf496cf79bb21255a
Red Hat Security Advisory 2020-5641-01
Posted Dec 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5641-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 553c468a3a3b6abe200e7f0f40ed45f481e6314dd772e931d71512e9fcc56c72
Red Hat Security Advisory 2020-5640-01
Posted Dec 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5640-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 3028136ba1fcf563037cd9dd86139075e05082083b6b2cc8f78876d8b59e50b0
Red Hat Security Advisory 2020-5639-01
Posted Dec 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5639-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 309fa8df8ed35773aa89a386c479e50a3b63d7880c718e63b7448470ca7fbd4c
Red Hat Security Advisory 2020-5637-01
Posted Dec 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5637-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 8dcd70c8b844143bec62a5292f786450ffb3669151e1605e9d2aa9079e332ead
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close