PT-2020-5491 · OpenSSL+10
David Benjamin · Published 2020-01-24 · Updated 2026-04-27 · CVE-2020-1971
CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.1.1 through 1.1.1h
OpenSSL versions 1.0.2 through 1.0.2w
Description
The issue is in the GENERAL_NAME_cmp function in OpenSSL, which compares two instances of a GENERAL_NAME to see whether they are equal. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME, leading to a NULL pointer dereference and a crash, which may result in a denial of service attack. The GENERAL_NAME_cmp function is used for comparing CRL distribution point names and verifying timestamp response token signers. An attacker could trigger a crash by controlling both items being compared, for example, by tricking a client or server into checking a malicious certificate against a malicious CRL. Some applications automatically download CRLs based on a URL embedded in a certificate, which may also lead to this issue.
Recommendations
For OpenSSL versions 1.1.1 through 1.1.1h, update to version 1.1.1i.
For OpenSSL versions 1.0.2 through 1.0.2w, update to version 1.0.2x.
As a temporary workaround, consider disabling the GENERAL_NAME_cmp function or restricting the use of EDIPARTYNAME until a patch is available. Avoid using the "-crl_download" option in OpenSSL's s_server, s_client, and verify tools until the issue is resolved.
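A check built from the affected ranges and the -crl_download advice above, as an added example (not code from this advisory or from the OpenSSL project). The function names and sample strings are constructed for illustration; a distribution package may carry a backported fix under an unchanged version string, so an "affected" result means the vendor advisory still has to be checked.

```python
import re
import shlex

# First fixed letter release per branch, from the Recommendations above.
FIRST_FIXED = {"1.1.1": "i", "1.0.2": "x"}
VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")
CRL_TOOLS = {"s_server", "s_client", "verify"}


def classify_version(banner):
    """Classify `openssl version` output against the ranges on this page.

    Returns "affected", "fixed", "not-listed" (branch not named here)
    or "unparsed" (no OpenSSL version string found).
    """
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    branch, letter = m.groups()
    if branch not in FIRST_FIXED:
        return "not-listed"
    # Letter suffixes sort lexicographically: "" < "a" < ... < "z" < "za".
    return "affected" if letter < FIRST_FIXED[branch] else "fixed"


def uses_crl_download(command_line):
    """True if an openssl s_server/s_client/verify call passes -crl_download."""
    try:
        argv = shlex.split(command_line)
    except ValueError:  # unbalanced quotes: nothing reliable to inspect
        return False
    for i, arg in enumerate(argv[:-1]):
        if arg.rsplit("/", 1)[-1] == "openssl" and argv[i + 1] in CRL_TOOLS:
            return "-crl_download" in argv[i + 2:]
    return False


# Constructed sample input, not taken from any real host.
SAMPLE_BANNERS = ["OpenSSL 1.1.1h", "OpenSSL 1.1.1i", "OpenSSL 1.0.2w",
                  "OpenSSL 1.0.2x", "OpenSSL 3.0.2"]
SAMPLE_COMMANDS = ["openssl verify -crl_download -CAfile ca.pem leaf.pem",
                   "/usr/bin/openssl s_client -connect host.example:443"]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner:<16} {classify_version(banner)}")
    for cmd in SAMPLE_COMMANDS:
        print(f"{uses_crl_download(cmd)!s:<6} {cmd}")
```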
Exploit
Fix
DoS
NULL Pointer Dereference
Affected Products
ALT Linux
Astra Linux
CentOS
FreeBSD
Linux Mint
MySQL Server
OpenSSL
Red Hat
RED OS
SUSE
Ubuntu