CVE-2020-1971: OpenSSL denial of service vulnerability alert

by ·

On December 8, 2020, openssl had issued a risk notice for the openssl denial of service vulnerability. The vulnerability number is CVE-2020-1971. The vulnerability level is high risk. When OpenSSL processes EDIPartyName (X.509 GeneralName type identifier), there is a null pointer dereference, which causes the program to crash and denial of service.

htt
A remote attacker triggers the vulnerability by constructing a special certificate verification process and causes a denial of service on the server, which affects the normal operation of business/functions.

Vulnerability Detail

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate

2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

Affected version

  • OpenSSL 1.1.1 and 1.0.2

Unaffected version

  • OpenSSL 1.1.1i

Solution

In this regard, we recommend that users upgrade openssl to the latest version in time.

Tags: