This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
The X.509 GeneralName type is a generic type for representing different kinds of names; one of those name types is known as EDIPartyName. OpenSSL provides a function, GENERAL_NAME_cmp, which compares two instances of a GENERAL_NAME to decide whether they are equal. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME: a NULL pointer dereference and a crash may occur, leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate;
2) verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token).

If an attacker can control both items being compared, that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL, this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate, and this checking happens before the signatures on the certificate and CRL are verified. OpenSSL's s_server, s_client and verify tools support the "-crl_download" option, which implements automatic CRL downloading, and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
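The crash described above comes from a name comparison that touches an EDIPartyName component without first checking that it is present. The defensive shape a reviewer looks for is shown below as an added illustration; it is not OpenSSL's code or its fix. The structures are simplified stand-ins for the ASN.1 EDIPartyName (nameAssigner OPTIONAL, partyName), and the sample names are constructed, not taken from any real certificate or CRL.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for an ASN.1 EDIPartyName (assumption, not OpenSSL's
 * EDIPARTYNAME struct). nameAssigner is OPTIONAL in X.509, so NULL is a
 * legitimate value; partyName is required, but a lenient parser may still
 * hand us NULL, so the comparison must not trust either pointer. */
typedef struct {
    const unsigned char *data;
    size_t len;
} edi_string;

typedef struct {
    const edi_string *name_assigner; /* optional: may be NULL */
    const edi_string *party_name;    /* required, but never assumed present */
} edi_party_name;

/* Compare two possibly-NULL strings: 0 when equal (two NULLs are equal),
 * non-zero otherwise. No pointer is dereferenced before its NULL check. */
static int edi_string_cmp(const edi_string *a, const edi_string *b)
{
    if (a == NULL || b == NULL)
        return (a == NULL && b == NULL) ? 0 : -1;
    if (a->len != b->len)
        return (a->len < b->len) ? -1 : 1;
    return memcmp(a->data, b->data, a->len);
}

/* NULL-safe EDIPartyName comparison: 0 if equal, non-zero otherwise.
 * A missing component on one side and a present one on the other is
 * "not equal", never a dereference. */
int edi_party_name_cmp(const edi_party_name *a, const edi_party_name *b)
{
    int r;
    if (a == NULL || b == NULL)
        return (a == NULL && b == NULL) ? 0 : -1;
    r = edi_string_cmp(a->name_assigner, b->name_assigner);
    if (r != 0)
        return r;
    return edi_string_cmp(a->party_name, b->party_name);
}

/* Constructed sample names for exercising the comparison. */
static const edi_string acme     = { (const unsigned char *)"ACME", 4 };
static const edi_string acme_dup = { (const unsigned char *)"ACME", 4 };
static const edi_string registry = { (const unsigned char *)"REG", 3 };
static const edi_party_name n_party_only    = { NULL, &acme };
static const edi_party_name n_party_only2   = { NULL, &acme_dup };
static const edi_party_name n_with_assigner = { &registry, &acme };
static const edi_party_name n_malformed     = { NULL, NULL }; /* partyName absent */
```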
CVE Modified by OpenSSL Software Foundation 6/21/2024 3:15:16 PM
Action / Type / Old Value / New Value
Added
Reference
OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned]
CVE Modified by OpenSSL Software Foundation 5/14/2024 2:42:43 AM
Action / Type / Old Value / New Value
CVE Modified by OpenSSL Software Foundation 11/06/2023 10:19:39 PM
Action / Type / Old Value / New Value
Added
Reference
OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e [No types assigned]
Added
Reference
OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920 [No types assigned]
Added
Reference
OpenSSL Software Foundation https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E [No types assigned]
Added
Reference
OpenSSL Software Foundation https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E [No types assigned]
Added
Reference
OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/ [No types assigned]
Added
Reference
OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/ [No types assigned]
Removed
Reference
OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
Removed
Reference
OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920
Removed
Reference
OpenSSL Software Foundation https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E
Removed
Reference
OpenSSL Software Foundation https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E
Removed
Reference
OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
Removed
Reference
OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
Reanalysis by NIST 8/29/2022 4:27:21 PM
Action / Type / Old Value / New Value
Added
CPE Configuration
OR
*cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 10.0.0 up to (including) 10.12.0
*cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 10.13.0 up to (excluding) 10.23.1
*cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 12.0.0 up to (including) 12.12.0
*cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 12.13.0 up to (excluding) 12.20.1
*cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 14.0.0 up to (including) 14.14.0
*cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 14.15.0 up to (excluding) 14.15.4
*cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 15.0.0 up to (excluding) 15.5.0
OR
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (including) 1.0.2w
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (including) 1.1.1h
OR
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2x
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1i
OR
*cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
*cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (including) 11.60.3
*cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
*cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
*cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
OR
*cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
*cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
*cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
*cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (including) 11.60.3
*cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
*cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
*cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Changed
CPE Configuration
OR
*cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
*cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
*cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
*cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to (including) 8.0.22
OR
*cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9
*cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:* versions up to (excluding) 5.13.1
Changed
Reference Type
http://www.openwall.com/lists/oss-security/2021/09/14/2 No Types Assigned
http://www.openwall.com/lists/oss-security/2021/09/14/2 Mailing List, Third Party Advisory
Changed
Reference Type
https://security.netapp.com/advisory/ntap-20210513-0002/ No Types Assigned
https://security.netapp.com/advisory/ntap-20210513-0002/ Third Party Advisory
Changed
Reference Type
https://www.oracle.com//security-alerts/cpujul2021.html No Types Assigned
https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory
Changed
Reference Type
https://www.oracle.com/security-alerts/cpuApr2021.html No Types Assigned
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory
Changed
Reference Type
https://www.tenable.com/security/tns-2021-09 No Types Assigned
https://www.tenable.com/security/tns-2021-09 Third Party Advisory
Changed
Reference Type
https://www.tenable.com/security/tns-2021-10 No Types Assigned
https://www.tenable.com/security/tns-2021-10 Third Party Advisory
CVE Modified by OpenSSL Software Foundation 9/14/2021 8:15:07 PM
AND
OR
*cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
OR
cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*
OR
cpe:2.3:h:netapp:ef600a:-:*:*:*:*:*:*:*
Added
CPE Configuration
OR
*cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
*cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (including) 11.60.3
*cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
*cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
*cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
*cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Added
CPE Configuration
OR
*cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
*cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
*cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
*cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to (including) 8.0.22
Added
CPE Configuration
OR
*cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
*cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Changed
Reference Type
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 No Types Assigned
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 Third Party Advisory
Changed
Reference Type
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E No Types Assigned
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E Mailing List, Third Party Advisory
Changed
Reference Type
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E No Types Assigned
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E Third Party Advisory
Changed
Reference Type
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html Mailing List, Third Party Advisory
Changed
Reference Type
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html Mailing List, Third Party Advisory
Changed
Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/ Third Party Advisory
Changed
Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/ Third Party Advisory
Changed
Reference Type
https://security.gentoo.org/glsa/202012-13 No Types Assigned
https://security.gentoo.org/glsa/202012-13 Third Party Advisory
Changed
Reference Type
https://security.netapp.com/advisory/ntap-20201218-0005/ No Types Assigned
https://security.netapp.com/advisory/ntap-20201218-0005/ Third Party Advisory
Changed
Reference Type
https://www.oracle.com/security-alerts/cpujan2021.html No Types Assigned
https://www.oracle.com/security-alerts/cpujan2021.html Third Party Advisory
Changed
Reference Type
https://www.tenable.com/security/tns-2020-11 No Types Assigned
https://www.tenable.com/security/tns-2020-11 Third Party Advisory
CVE Modified by OpenSSL Software Foundation 2/07/2021 3:15:13 AM
OR
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (including) 1.0.2w
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (including) 1.1.1h
Added
CPE Configuration
OR
*cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Changed
Reference Type
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e No Types Assigned
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e Broken Link
Changed
Reference Type
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920 No Types Assigned