CVE & CISA-KEV Catalog

CVE-2020-1971

MEDIUMEPSS 93th pctl
5.9
CVSS v3
NVD

Description

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

How to fix

Remediation Available
opensslDebian
Fixed in:1.1.1i-1CVE-2020-1971
Fixed in:1.1.1i-1CVE-2020-1971
Fixed in:1.1.1i-1CVE-2020-1971
Fixed in:1.1.1i-1CVE-2020-1971
libssl1.0.0Ubuntu
Fixed in:1.0.1f-1ubuntu2.27+esm2USN-4745-1
Fixed in:1.0.2g-1ubuntu4.18USN-4662-1
Fixed in:1.0.2n-1ubuntu5.5USN-4662-1
libssl1.1Ubuntu
Fixed in:1.1.1-1ubuntu2.1~18.04.7USN-4662-1
Fixed in:1.1.1f-1ubuntu2.1USN-4662-1
opensslUbuntu
Fixed in:1.0.1f-1ubuntu2.27+esm2USN-4745-1
Fixed in:1.0.2g-1ubuntu4.18USN-4662-1
Fixed in:1.1.1-1ubuntu2.1~18.04.7USN-4662-1
Fixed in:1.1.1f-1ubuntu2.1USN-4662-1
openssl1.0Ubuntu
Fixed in:1.0.2n-1ubuntu5.5USN-4662-1
Node.jsWindows application
Affected:15.0.0 15.5.0Fixed in:15.5.0Node.js Foundation
Affected:14.15.0 14.15.4Fixed in:14.15.4Node.js Foundation
Affected:12.13.0 12.20.1Fixed in:12.20.1Node.js Foundation
Affected:10.13.0 10.23.1Fixed in:10.23.1Node.js Foundation
Node.js (LTS)Windows application
Affected:12.13.0 12.20.1Fixed in:12.20.1Node.js Foundation
Affected:10.13.0 10.23.1Fixed in:10.23.1Node.js Foundation
Affected:14.15.0 14.15.4Fixed in:14.15.4Node.js Foundation
Affected:15.0.0 15.5.0Fixed in:15.5.0Node.js Foundation

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

6.97%probability of exploitation in 30 days
93rdpercentile

High risk: more likely to be exploited than 93% of all known CVEs.

References

Related Vulnerabilities

Other CWE-476 (NULL Pointer Dereference) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-21758High7.592%-Fix
CVE-2023-21547High7.588%-Fix
CVE-2014-3470Medium4.386%-Fix
CVE-2021-44224High8.282%-Fix
CVE-2016-0742High7.582%-Fix
CVE-2009-1386Medium5.080%-Fix
Embed a live status badge for CVE-2020-1971
CVE-2020-1971 severity badge

Markdown

[![CVE-2020-1971](https://tridentstack.com/cve/badge/CVE-2020-1971.svg)](https://tridentstack.com/cve/CVE-2020-1971)

HTML

<a href="https://tridentstack.com/cve/CVE-2020-1971"><img src="https://tridentstack.com/cve/badge/CVE-2020-1971.svg" alt="CVE-2020-1971"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-29.