ID

VAR-202012-1527


CVE

CVE-2020-1971


TITLE

OpenSSL Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202012-579

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20201208.txt For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u4. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/PmNRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SrxA//cDd0JVO9bdkBLrjg3bh2ibaL7rZxWM2kDOZxQ9dTyuNKHXpk72EQN7bo YzYUOphu8Pea/v2E2bA0VzKka56lu1zmA1r2xXyZoK3YWoyVAdQe/AbrsNZh+k5U iZ9U5VeBNmb78vZqalFnecZBAhmPBmFKmE4yc7qhj+G1XGO+/yuRL8sBGpK3WKDX dj31X8+YlEfidj9LKj0mER1XpjaE7soWnmlFA8vI/cjBLnvWo4MyXUbicW2r028C KB/ACbp5BzXiZkcv45Dmk73Wp2GtMPamF3iL6VBNkEy5cBXvvD+WQCJLr87w+zHr Abvfz8UXvJnsD/qP7nEuQkMBDiZPeCIOe1lGtiNtU0oeDn1i9akVZ3pEtOf3azJ+ ZQRrxPY+qwWRenuf2CLBUzIzWh+9wUy3ZIOxSycBoqn1xN//EaZ38PNLpiYl2llM 1RyuvMn7jMo5Ow6keJ7ohIfY0FD3LNJId5Sf4EPfJHy/EAe/qSf+/WXXvLQAlMdg 0zkzBXSCHPlhOm4NgF+LuGqpyd10OK6O7C1eo2xejylohV1UJUXU+2CQfa2HQ0o4 eV5aYOsVEBPBIxedCd/XyVNCPrStetLhdP8kjASznPkIKcw1L7GW0SongEt6+7T+ csanRpBW+PoDRofOjop+zTAFesQLt/q7w2sjZCg2Wj/hEN6PeCs= =eV7T -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5641-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5641 Issue date: 2020-12-21 CVE Names: CVE-2020-1971 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm ppc64le: openssl-1.0.2k-9.el7_4.ppc64le.rpm openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-devel-1.0.2k-9.el7_4.ppc64le.rpm openssl-libs-1.0.2k-9.el7_4.ppc64le.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-perl-1.0.2k-9.el7_4.ppc64le.rpm openssl-static-1.0.2k-9.el7_4.ppc64le.rpm x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX+CSxtzjgjWX9erEAQi3/w//Rv57DkdeZ0UAjMCli5BavpQzTqZUf0f2 BZCsLAdkggAxJly0ueWpdnQri8/5svI9GdRykPvjIYaR3CJtPbeFlg2b4rTzYudG wAQ5bNHZ6mVEiFtDboqcsDAIGHpij3Dd7nr7rngy/eSFmC+WE7o2fJ232K6szSCJ 5Pxz69Xx/FenX//PXPFUZCMxuvBKyQEdWZju6HJkxqdfnepdQNKD+cx/RA7XKk7L Wu0U+SeVDHJrzSntuHV3nAyAj51aO0Lt6tkw4Y+P9iv7fup0Idb/XJi8iICKsx8R IABgCClcL2Y8AaAXdp9++PNoYTO0smoa+wFE/YjZFvXyP2TlQERcrn2uaWcm+G/v GdKl/0z2FEfEV5Gh6T6XJNo1Lk9DqtXcG8wW71p64OYNWptztDgw8ipQzJL9yIOU gmtjxOOsteziZEyFcNIZGV2QbI6wA8Y8FN33+e7YwNmXaFivPGXr0SoUuo9ya8i0 T8lWgOSQpY/1XazsDxNq1RY3y9M9zq+MCBS7xTB7AILm4daQc3msUSaLay6+HhQR ze30eFpLxYWlLxJmJNbq7MMGEmv+nJryNW3fPdZ1SOcR7mlkB4atp4+H5iEW69pV MDdDUZe5ZLVrYX4/p5BsaeFo/b7qGJGE4OmiXoDsvyO/HgGurAv7NAmYZfZ3exAr 02z1QWeZU4Q= =eYwW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.7) - ppc64, ppc64le, s390x, x86_64 3. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bug Fix(es): * Configuring the system with non-RT kernel will hang the system (BZ#1923220) 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 5. JIRA issues fixed (https://issues.jboss.org/): CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests 6. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. 7) - aarch64, ppc64le, s390x 3. 8.2) - aarch64, ppc64le, s390x, x86_64 3

Trust: 1.89

sources: NVD: CVE-2020-1971 // VULHUB: VHN-173115 // PACKETSTORM: 168955 // PACKETSTORM: 160638 // PACKETSTORM: 160644 // PACKETSTORM: 160605 // PACKETSTORM: 161727 // PACKETSTORM: 161382 // PACKETSTORM: 161548 // PACKETSTORM: 162130 // PACKETSTORM: 160651 // PACKETSTORM: 160499

AFFECTED PRODUCTS

vendor:oraclemodel:business intelligencescope:eqversion:5.9.0.0.0

Trust: 1.0

vendor:oraclemodel:communications subscriber-aware load balancerscope:eqversion:cz8.3

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.3.4

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:14.15.4

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:oraclemodel:jd edwards world securityscope:eqversion:a9.4

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:cz8.3

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.32

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:cz8.2

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications session routerscope:eqversion:cz8.4

Trust: 1.0

vendor:netappmodel:manageability software development kitscope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:12.12.0

Trust: 1.0

vendor:oraclemodel:communications subscriber-aware load balancerscope:eqversion:cz8.4

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.1i

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:ltversion:9.2.5.3

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:cz8.4

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.15

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:pcz3.2

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:enterprise manager for storage managementscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.0.0

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:15.5.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:netappmodel:aff a250scope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:14.14.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.22

Trust: 1.0

vendor:netappmodel:plug-in for symantec netbackupscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications session routerscope:eqversion:cz8.3

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:cz8.4

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2x

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:12.20.1

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.60.3

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:5.5.0.0.0

Trust: 1.0

vendor:netappmodel:data ontapscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications session routerscope:eqversion:cz8.2

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:ltversion:5.13.1

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.13.0

Trust: 1.0

vendor:tenablemodel:log correlation enginescope:ltversion:6.0.9

Trust: 1.0

vendor:oraclemodel:mysqlscope:lteversion:8.0.22

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:gteversion:8.2.0

Trust: 1.0

vendor:oraclemodel:communications subscriber-aware load balancerscope:eqversion:cz8.2

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:lteversion:8.2.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:14.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:1.10.0

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:gteversion:8.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.23.1

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:netappmodel:santricity smi-s providerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:cz8.2

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:20.3.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:cz8.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.13.0

Trust: 1.0

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.3.0.0

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:pcz3.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:15.0.0

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:pcz3.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:14.15.0

Trust: 1.0

vendor:oraclemodel:communications unified session managerscope:eqversion:scz8.2.5

Trust: 1.0

vendor:oraclemodel:communications diameter intelligence hubscope:lteversion:8.1.0

Trust: 1.0

vendor:netappmodel:ef600ascope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-1971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1971
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202012-579
value: MEDIUM

Trust: 0.6

VULHUB: VHN-173115
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1971
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-173115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1971
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-173115 // CNNVD: CNNVD-202012-579 // NVD: CVE-2020-1971

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

sources: VULHUB: VHN-173115 // NVD: CVE-2020-1971

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-579

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-579

PATCH

title:OpenSSL Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137225

Trust: 0.6

sources: CNNVD: CNNVD-202012-579

EXTERNAL IDS

db:NVDid:CVE-2020-1971

Trust: 2.7

db:TENABLEid:TNS-2021-10

Trust: 1.7

db:TENABLEid:TNS-2021-09

Trust: 1.7

db:TENABLEid:TNS-2020-11

Trust: 1.7

db:SIEMENSid:SSA-389290

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/09/14/2

Trust: 1.7

db:PULSESECUREid:SA44676

Trust: 1.7

db:PACKETSTORMid:160605

Trust: 0.8

db:PACKETSTORMid:161727

Trust: 0.8

db:PACKETSTORMid:160499

Trust: 0.8

db:PACKETSTORMid:162130

Trust: 0.8

db:PACKETSTORMid:161525

Trust: 0.7

db:PACKETSTORMid:160916

Trust: 0.7

db:PACKETSTORMid:161379

Trust: 0.7

db:PACKETSTORMid:160636

Trust: 0.7

db:PACKETSTORMid:160704

Trust: 0.7

db:PACKETSTORMid:161916

Trust: 0.7

db:PACKETSTORMid:160523

Trust: 0.7

db:PACKETSTORMid:162142

Trust: 0.7

db:PACKETSTORMid:160961

Trust: 0.7

db:PACKETSTORMid:160414

Trust: 0.7

db:PACKETSTORMid:160882

Trust: 0.7

db:PACKETSTORMid:160410

Trust: 0.6

db:AUSCERTid:ESB-2021.4104

Trust: 0.6

db:AUSCERTid:ESB-2021.0111

Trust: 0.6

db:AUSCERTid:ESB-2021.1193

Trust: 0.6

db:AUSCERTid:ESB-2021.0691

Trust: 0.6

db:AUSCERTid:ESB-2021.0099

Trust: 0.6

db:AUSCERTid:ESB-2021.0319

Trust: 0.6

db:AUSCERTid:ESB-2021.0584

Trust: 0.6

db:AUSCERTid:ESB-2021.0184.2

Trust: 0.6

db:AUSCERTid:ESB-2021.0845

Trust: 0.6

db:AUSCERTid:ESB-2021.0864

Trust: 0.6

db:AUSCERTid:ESB-2021.0160

Trust: 0.6

db:AUSCERTid:ESB-2020.4394

Trust: 0.6

db:AUSCERTid:ESB-2021.1618

Trust: 0.6

db:AUSCERTid:ESB-2021.0233

Trust: 0.6

db:AUSCERTid:ESB-2020.4426.2

Trust: 0.6

db:AUSCERTid:ESB-2021.0986

Trust: 0.6

db:AUSCERTid:ESB-2021.0184

Trust: 0.6

db:AUSCERTid:ESB-2020.4385

Trust: 0.6

db:AUSCERTid:ESB-2020.4426.3

Trust: 0.6

db:AUSCERTid:ESB-2020.4514

Trust: 0.6

db:AUSCERTid:ESB-2021.0212

Trust: 0.6

db:AUSCERTid:ESB-2021.4083

Trust: 0.6

db:AUSCERTid:ESB-2021.2781

Trust: 0.6

db:AUSCERTid:ESB-2021.0670

Trust: 0.6

db:AUSCERTid:ESB-2020.4320

Trust: 0.6

db:AUSCERTid:ESB-2020.4365

Trust: 0.6

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:AUSCERTid:ESB-2021.1207

Trust: 0.6

db:AUSCERTid:ESB-2021.1916

Trust: 0.6

db:LENOVOid:LEN-60182

Trust: 0.6

db:CS-HELPid:SB2022071618

Trust: 0.6

db:CS-HELPid:SB2021072165

Trust: 0.6

db:CS-HELPid:SB2022072010

Trust: 0.6

db:CS-HELPid:SB2021101259

Trust: 0.6

db:CS-HELPid:SB2021042543

Trust: 0.6

db:CS-HELPid:SB2021120313

Trust: 0.6

db:CS-HELPid:SB2022060315

Trust: 0.6

db:CS-HELPid:SB2021101929

Trust: 0.6

db:CS-HELPid:SB2022042259

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2021042618

Trust: 0.6

db:CS-HELPid:SB2021051226

Trust: 0.6

db:ICS CERTid:ICSA-21-336-06

Trust: 0.6

db:CNNVDid:CNNVD-202012-579

Trust: 0.6

db:PACKETSTORMid:160644

Trust: 0.2

db:PACKETSTORMid:161382

Trust: 0.2

db:PACKETSTORMid:160651

Trust: 0.2

db:PACKETSTORMid:160638

Trust: 0.2

db:PACKETSTORMid:161003

Trust: 0.1

db:PACKETSTORMid:161388

Trust: 0.1

db:PACKETSTORMid:161004

Trust: 0.1

db:PACKETSTORMid:160654

Trust: 0.1

db:PACKETSTORMid:161387

Trust: 0.1

db:PACKETSTORMid:160569

Trust: 0.1

db:PACKETSTORMid:161389

Trust: 0.1

db:PACKETSTORMid:161390

Trust: 0.1

db:PACKETSTORMid:160561

Trust: 0.1

db:PACKETSTORMid:160639

Trust: 0.1

db:PACKETSTORMid:161011

Trust: 0.1

db:VULHUBid:VHN-173115

Trust: 0.1

db:PACKETSTORMid:168955

Trust: 0.1

db:PACKETSTORMid:161548

Trust: 0.1

sources: VULHUB: VHN-173115 // PACKETSTORM: 168955 // PACKETSTORM: 160638 // PACKETSTORM: 160644 // PACKETSTORM: 160605 // PACKETSTORM: 161727 // PACKETSTORM: 161382 // PACKETSTORM: 161548 // PACKETSTORM: 162130 // PACKETSTORM: 160651 // PACKETSTORM: 160499 // CNNVD: CNNVD-202012-579 // NVD: CVE-2020-1971

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://www.openssl.org/news/secadv/20201208.txt

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20201218-0005/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210513-0002/

Trust: 1.7

url:https://www.tenable.com/security/tns-2020-11

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-09

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4807

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc

Trust: 1.7

url:https://security.gentoo.org/glsa/202012-13

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/09/14/2

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 1.5

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 1.5

url:https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Trust: 1.0

url:https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Trust: 0.7

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/

Trust: 0.7

url:https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulnerability-in-openssl-affects-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4426.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4365/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1207

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-openssl/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2781

Trust: 0.6

url:https://packetstormsecurity.com/files/160499/red-hat-security-advisory-2020-5422-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-openssl-vulnerability/

Trust: 0.6

url:https://packetstormsecurity.com/files/160605/red-hat-security-advisory-2020-5623-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0212/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2020-1971/

Trust: 0.6

url:http-request-smuggling-vulnerabilities/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-multiple-denial-of-service-and-

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071618

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerability-cve-2020-1971/

Trust: 0.6

url:https://packetstormsecurity.com/files/161525/ubuntu-security-notice-usn-4745-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4394/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-cve-2020-1971-cve-2020-15999-cve-2017-12652/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1618

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4426.2/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6490837

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0184/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042543

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0099/

Trust: 0.6

url:https://packetstormsecurity.com/files/160636/red-hat-security-advisory-2020-5637-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0160/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051226

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101929

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6486087

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072165

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4104

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-vulnerabilities-cve-2020-1971-cve-2020-8265-and-cve-2020-8287/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1193

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101259

Trust: 0.6

url:https://packetstormsecurity.com/files/160882/red-hat-security-advisory-2021-0056-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/160916/red-hat-security-advisory-2021-0083-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1916

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220720109

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-cve-2020-1971/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4320/

Trust: 0.6

url:https://packetstormsecurity.com/files/160410/openssl-toolkit-1.1.1i.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0670

Trust: 0.6

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202107-0000001170634565

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6507579

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2020-1971/

Trust: 0.6

url:https://packetstormsecurity.com/files/160523/red-hat-security-advisory-2020-5476-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4385/

Trust: 0.6

url:https://packetstormsecurity.com/files/160414/ubuntu-security-notice-usn-4662-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0111/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1971/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120313

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4083

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520674

Trust: 0.6

url:https://source.android.com/security/bulletin/pixel/2021-06-01

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042618

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042259

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0845

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0691

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0233/

Trust: 0.6

url:https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-general-name-cmp-34055

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-2020-1971/

Trust: 0.6

url:https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/

Trust: 0.6

url:https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-60182

Trust: 0.6

url:https://packetstormsecurity.com/files/161379/red-hat-security-advisory-2021-0486-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0319/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0584

Trust: 0.6

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-1971

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0184.2

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2020-1971/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2020-1968-cve-2020-1971/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0864

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0986

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6522990

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-1968-vulnerability-in-openssl-may-affect-ibm-workload-scheduler-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-denial-of-service-dos-vulnerability-in-openssl-cve-2020-1971/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4514/

Trust: 0.6

url:http-jackson-databind-openssl-and-node-js-affect-ibm-spectrum-control/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-apache-

Trust: 0.6

url:https://packetstormsecurity.com/files/160704/gentoo-linux-security-advisory-202012-13.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6490373

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6479353

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971-2/

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5639

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5641

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0488

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl&downloadtype=securitypatches&version=1.1.1c

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.37

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10726

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10722

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10029

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10726

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5633

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25645

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7053

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5642

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5422

Trust: 0.1

sources: VULHUB: VHN-173115 // PACKETSTORM: 168955 // PACKETSTORM: 160638 // PACKETSTORM: 160644 // PACKETSTORM: 160605 // PACKETSTORM: 161727 // PACKETSTORM: 161382 // PACKETSTORM: 161548 // PACKETSTORM: 162130 // PACKETSTORM: 160651 // PACKETSTORM: 160499 // CNNVD: CNNVD-202012-579 // NVD: CVE-2020-1971

CREDITS

Red Hat

Trust: 1.5

sources: PACKETSTORM: 160638 // PACKETSTORM: 160644 // PACKETSTORM: 160605 // PACKETSTORM: 161727 // PACKETSTORM: 161382 // PACKETSTORM: 161548 // PACKETSTORM: 162130 // PACKETSTORM: 160651 // PACKETSTORM: 160499 // CNNVD: CNNVD-202012-579

SOURCES

db:VULHUBid:VHN-173115
db:PACKETSTORMid:168955
db:PACKETSTORMid:160638
db:PACKETSTORMid:160644
db:PACKETSTORMid:160605
db:PACKETSTORMid:161727
db:PACKETSTORMid:161382
db:PACKETSTORMid:161548
db:PACKETSTORMid:162130
db:PACKETSTORMid:160651
db:PACKETSTORMid:160499
db:CNNVDid:CNNVD-202012-579
db:NVDid:CVE-2020-1971

LAST UPDATE DATE

2025-03-31T18:02:46.329000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-173115date:2022-08-29T00:00:00
db:CNNVDid:CNNVD-202012-579date:2022-07-21T00:00:00
db:NVDid:CVE-2020-1971date:2024-11-21T05:11:45.673

SOURCES RELEASE DATE

db:VULHUBid:VHN-173115date:2020-12-08T00:00:00
db:PACKETSTORMid:168955date:2020-12-28T20:12:00
db:PACKETSTORMid:160638date:2020-12-21T17:29:16
db:PACKETSTORMid:160644date:2020-12-21T17:38:24
db:PACKETSTORMid:160605date:2020-12-17T18:21:28
db:PACKETSTORMid:161727date:2021-03-09T16:25:11
db:PACKETSTORMid:161382date:2021-02-11T15:19:41
db:PACKETSTORMid:161548date:2021-02-25T15:30:03
db:PACKETSTORMid:162130date:2021-04-08T14:00:00
db:PACKETSTORMid:160651date:2020-12-21T20:17:29
db:PACKETSTORMid:160499date:2020-12-15T15:39:39
db:CNNVDid:CNNVD-202012-579date:2020-12-08T00:00:00
db:NVDid:CVE-2020-1971date:2020-12-08T16:15:11.730