<!-- The updated attribute should be the same as the first public issue,
unless an old entry was updated. -->
-<security updated="20200909">
+<security updated="20201208">
+ <issue public="20201208">
+ <impact severity="High"/>
+ <cve name="2020-1971"/>
+ <affects base="1.1.1" version="1.1.1"/>
+ <affects base="1.1.1" version="1.1.1a"/>
+ <affects base="1.1.1" version="1.1.1b"/>
+ <affects base="1.1.1" version="1.1.1c"/>
+ <affects base="1.1.1" version="1.1.1d"/>
+ <affects base="1.1.1" version="1.1.1e"/>
+ <affects base="1.1.1" version="1.1.1f"/>
+ <affects base="1.1.1" version="1.1.1g"/>
+ <affects base="1.1.1" version="1.1.1h"/>
+ <affects base="1.0.2" version="1.0.2"/>
+ <affects base="1.0.2" version="1.0.2a"/>
+ <affects base="1.0.2" version="1.0.2b"/>
+ <affects base="1.0.2" version="1.0.2c"/>
+ <affects base="1.0.2" version="1.0.2d"/>
+ <affects base="1.0.2" version="1.0.2e"/>
+ <affects base="1.0.2" version="1.0.2f"/>
+ <affects base="1.0.2" version="1.0.2g"/>
+ <affects base="1.0.2" version="1.0.2h"/>
+ <affects base="1.0.2" version="1.0.2i"/>
+ <affects base="1.0.2" version="1.0.2j"/>
+ <affects base="1.0.2" version="1.0.2k"/>
+ <affects base="1.0.2" version="1.0.2l"/>
+ <affects base="1.0.2" version="1.0.2m"/>
+ <affects base="1.0.2" version="1.0.2n"/>
+ <affects base="1.0.2" version="1.0.2o"/>
+ <affects base="1.0.2" version="1.0.2p"/>
+ <affects base="1.0.2" version="1.0.2q"/>
+ <affects base="1.0.2" version="1.0.2r"/>
+ <affects base="1.0.2" version="1.0.2s"/>
+ <affects base="1.0.2" version="1.0.2t"/>
+ <affects base="1.0.2" version="1.0.2u"/>
+ <affects base="1.0.2" version="1.0.2v"/>
+ <affects base="1.0.2" version="1.0.2w"/>
+ <fixed base="1.1.1" version="1.1.1i" date="20201208">
+ <git hash="f960d81215ebf3f65e03d4d5d857fb9b666d6920"/>
+ </fixed>
+ <fixed base="1.0.2" version="1.0.2x" date="20201208">
+ <git hash="2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"/>
+ </fixed>
+ <problemtype>NULL pointer dereference</problemtype>
+ <title>EDIPARTYNAME NULL pointer dereference</title>
+ <description>
+The X.509 GeneralName type is a generic type for representing different types
+of names. One of those name types is known as EDIPartyName. OpenSSL provides a
+function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
+to see if they are equal or not. This function behaves incorrectly when both
+GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
+may occur leading to a possible denial of service attack.
+
+OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
+1) Comparing CRL distribution point names between an available CRL and a CRL
+ distribution point embedded in an X509 certificate
+2) When verifying that a timestamp response token signer matches the timestamp
+ authority name (exposed via the API functions TS_RESP_verify_response and
+ TS_RESP_verify_token)
+
+If an attacker can control both items being compared then that attacker could
+trigger a crash. For example if the attacker can trick a client or server into
+checking a malicious certificate against a malicious CRL then this may occur.
+Note that some applications automatically download CRLs based on a URL embedded
+in a certificate. This checking happens prior to the signatures on the
+certificate and CRL being verified. OpenSSL's s_server, s_client and verify
+tools have support for the "-crl_download" option which implements automatic
+CRL downloading and this attack has been demonstrated to work against those
+tools.
+
+Note that an unrelated bug means that affected versions of OpenSSL cannot parse
+or construct correct encodings of EDIPARTYNAME. However it is possible to
+construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
+trigger this attack.
+
+All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL
+releases are out of support and have not been checked.
+ </description>
+ <advisory url="/news/secadv/20201208.txt"/>
+ <reported source="David Benjamin (Google)"/>
+ </issue>
<issue public="20200909">
<impact severity="Low"/>
<cve name="2020-1968"/>
projects / openssl-web.git / blobdiff