CVE-2020-1971 Overview
CVE-2020-1971 is a Null Pointer Dereference vulnerability in OpenSSL's GENERAL_NAME_cmp function that can be exploited to cause a denial of service condition. The vulnerability exists in how OpenSSL handles comparisons of X.509 GeneralName types when both contain an EDIPARTYNAME. When an attacker controls both items being compared—such as a malicious certificate and a malicious CRL—they can trigger a NULL pointer dereference resulting in an application crash.
The X.509 GeneralName type is a generic structure for representing different types of names, including EDIPartyName. OpenSSL's GENERAL_NAME_cmp function is used for comparing CRL distribution point names against embedded distribution points in X509 certificates, and for verifying timestamp response token signers against timestamp authority names.
Critical Impact
Applications using vulnerable OpenSSL versions for certificate validation or timestamp verification can be crashed remotely if an attacker can supply malicious certificates and CRLs. Applications that automatically download CRLs based on certificate-embedded URLs are particularly at risk.
Affected Products
- OpenSSL 1.1.1 through 1.1.1h
- OpenSSL 1.0.2 through 1.0.2w
- Debian Linux 9.0 and 10.0
- Fedora 32 and 33
- Node.js (multiple versions)
- Oracle MySQL Server, GraalVM, HTTP Server, and numerous Oracle products
- NetApp Data ONTAP, SnapCenter, Active IQ Unified Manager, and other NetApp products
- Tenable Nessus Network Monitor and Log Correlation Engine
- Siemens SINEC Infrastructure Network Services
Discovery Timeline
- 2020-12-08 - CVE-2020-1971 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2020-1971
Vulnerability Analysis
The vulnerability resides in OpenSSL's GENERAL_NAME_cmp function, which compares two GENERAL_NAME structures. A GENERAL_NAME is a tagged union, and in the affected versions the GEN_EDIPARTY case shared its code path with GEN_X400 and passed the union member to ASN1_TYPE_cmp as if it were a generic ASN1_TYPE rather than the EDIPARTYNAME it actually holds. When both arguments contain an EDIPARTYNAME, the fields read through the wrong structure layout do not line up, and a crafted EDIPARTYNAME ends in a NULL pointer dereference.
OpenSSL uses this comparison function in two critical scenarios: verifying CRL distribution points against those embedded in X509 certificates, and validating timestamp response token signers through the TS_RESP_verify_response and TS_RESP_verify_token API functions. The vulnerability can be triggered prior to signature verification on certificates and CRLs, expanding the attack surface.
An interesting characteristic of this vulnerability is that affected OpenSSL versions cannot actually parse or construct correct encodings of EDIPARTYNAME. However, malformed EDIPARTYNAME structures that OpenSSL's parser will accept can be crafted to trigger the vulnerability.
Root Cause
The root cause is a type confusion inside GENERAL_NAME_cmp: the EDIPARTYNAME member was compared as an ASN1_TYPE, so the comparison never validated the pointers an EDIPARTYNAME actually contains before dereferencing them. NVD classifies the outcome as CWE-476 (NULL Pointer Dereference). The fix in OpenSSL 1.1.1i replaces the shared branch with a dedicated EDIPARTYNAME comparison that handles the optional nameAssigner field and a missing partyName explicitly.
Attack Vector
The attack requires network access and the ability to supply both items being compared. The most practical attack scenario involves:
- An attacker creates a malicious X509 certificate containing a specially crafted EDIPARTYNAME in its CRL distribution point
- The attacker also creates or controls a malicious CRL with a matching malformed EDIPARTYNAME
- When a vulnerable application attempts to verify the certificate against the CRL, the comparison triggers the NULL pointer dereference
Applications with automatic CRL downloading enabled are particularly exposed, because the distribution-point comparison runs before the signatures on the certificate and the CRL are verified. OpenSSL's own advisory notes that the attack was demonstrated against the -crl_download option of the s_server, s_client, and verify tools.
The attack can be delivered as follows:
Attack Scenario:
1. Victim application configured with automatic CRL downloading
2. Attacker provides malicious certificate to victim (e.g., during TLS handshake)
3. Certificate contains malformed CRL distribution point with crafted EDIPARTYNAME
4. Application follows embedded URL to download attacker-controlled CRL
5. CRL contains matching malformed EDIPARTYNAME
6. GENERAL_NAME_cmp() called to compare distribution points
7. NULL pointer dereference occurs, crashing the application
Detection Methods for CVE-2020-1971
Indicators of Compromise
- Sudden crashes in applications using OpenSSL for certificate validation
- Core dumps, or kernel segfault messages, showing a fault at address 0 (or a small offset from it) inside libcrypto, the library that contains GENERAL_NAME_cmp; a backtrace through GENERAL_NAME_cmp during CRL or timestamp verification is the clearest indicator
- Unexpected CRL download attempts to unfamiliar or suspicious URLs
- Application failures during TLS handshake or certificate verification operations
Detection Strategies
- Monitor application logs for crashes related to OpenSSL certificate or CRL processing functions
- Implement network monitoring to detect unusual CRL download patterns or connections to suspicious distribution points
- Use vulnerability scanners to identify systems running affected OpenSSL versions (1.1.1 through 1.1.1h or 1.0.2 through 1.0.2w)
- Deploy runtime application monitoring to detect NULL pointer dereference exceptions in SSL/TLS handling code
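To act on the version-scanning item above, the following POSIX shell script, added here as an example and not OpenSSL project code, classifies OpenSSL version strings against the advisory's affected ranges and can check the binary on PATH. The script name and the Debian changelog path in the comments are assumptions; a hit means "inspect the package", because distributions backport the fix without changing the upstream version string.

```shell
#!/bin/sh
# Added example, not OpenSSL project code: classify an OpenSSL version string
# against the ranges the advisory lists for CVE-2020-1971
# (1.1.1 through 1.1.1h and 1.0.2 through 1.0.2w).
LC_ALL=C
export LC_ALL

# Reduce strings such as "OpenSSL 1.1.1f  31 Mar 2020", "1.1.1h" or
# "OpenSSL 1.0.2u-fips  20 Dec 2019" to "major.minor.fix[letter]".
openssl_release() {
    printf '%s\n' "$1" |
        sed -n 's/^\(OpenSSL \)\{0,1\}\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}[a-z]*\).*/\2/p'
}

# Exit 0 when the release is inside an affected range, 1 otherwise.
# Unparseable input is reported on stderr and treated as "not affected".
openssl_affected() {
    rel=$(openssl_release "$1")
    if [ -z "$rel" ]; then
        echo "openssl_affected: cannot parse '$1'" >&2
        return 1
    fi
    case "$rel" in
        1.1.1|1.1.1[a-h]) return 0 ;;
        1.0.2|1.0.2[a-w]) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the openssl binary on PATH.
# Return codes: 0 = in affected range, 1 = outside it, 2 = no openssl found.
check_installed_openssl() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "no openssl binary on PATH" >&2
        return 2
    fi
    v=$(openssl version)
    if openssl_affected "$v"; then
        # Distros backport fixes; confirm via the package changelog, e.g.
        # /usr/share/doc/libssl1.1/changelog.Debian.gz on Debian (assumed path).
        echo "AFFECTED RANGE (confirm via package changelog): $v"
        return 0
    fi
    echo "outside affected range: $v"
    return 1
}

# Usage (script name assumed):
#   sh check-cve-2020-1971.sh "$(openssl version)"
#   sh check-cve-2020-1971.sh "OpenSSL 1.1.1h  22 Sep 2020" "1.0.2x"
if [ "$#" -gt 0 ]; then
    for arg; do
        if openssl_affected "$arg"; then
            echo "affected range: $arg"
        else
            echo "not affected:   $arg"
        fi
    done
fi
```

The letter suffix is compared with a shell character class rather than a numeric sort, which is enough for these two branches because OpenSSL's patch letters are single lowercase characters; pre-release strings such as "1.1.1-pre9" fall outside both ranges and are reported as not affected.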
Monitoring Recommendations
- Enable crash reporting and alerting for critical applications using OpenSSL
- Monitor for repeated application restarts that may indicate ongoing denial of service attacks
- Inspect certificates and CRLs seen on the wire for EDIPartyName entries in GeneralName fields (for example inside CRL distribution points); EDIPartyName is essentially unused in practice, so any occurrence is worth an alert
- Implement logging around certificate validation and CRL checking operations
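The crash-monitoring items above can be turned into a concrete log check. On x86 Linux the kernel logs a "segfault at <addr> ... in <module>" line for each fatal user-space fault (when the debug.exception-trace sysctl is on, which is the default), and a NULL pointer dereference in GENERAL_NAME_cmp shows up as a fault at address 0 or a small offset from it inside libcrypto. The script below, added here as an example and not OpenSSL project code, triages such lines and counts repeated hits per process; the log lines embedded in it are constructed for the demonstration, with made-up hosts, pids and addresses.

```shell
#!/bin/sh
# Added example, not OpenSSL project code: triage kernel "segfault at" lines
# for the signature of a NULL pointer dereference inside OpenSSL's libcrypto
# (the library that contains GENERAL_NAME_cmp) or libssl.

# Exit 0 if the line is a segfault at a fault address below 0x1000 in
# libcrypto or libssl, 1 otherwise. "error 4" in such lines is a user-mode
# read of a page that is not mapped, the typical NULL dereference.
null_deref_in_openssl() {
    case "$1" in
        *"segfault at "*" in libcrypto.so"*|*"segfault at "*" in libssl.so"*) ;;
        *) return 1 ;;
    esac
    addr=${1#*"segfault at "}                      # text after "segfault at "
    addr=${addr%% *}                               # the hex fault address
    addr=$(printf '%s' "$addr" | sed 's/^0*//')    # drop leading zeros
    case "$addr" in
        ''|?|??|???) return 0 ;;                   # <= 3 hex digits: below 0x1000
        *) return 1 ;;
    esac
}

# Read log lines on stdin and print the number of matching crashes.
count_openssl_null_derefs() {
    n=0
    while IFS= read -r line; do
        if null_deref_in_openssl "$line"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Read log lines on stdin and print "<count> <process>" per crashing process,
# most frequent first, so a service stuck in a crash/restart loop stands out.
summarize_openssl_null_derefs() {
    while IFS= read -r line; do
        if null_deref_in_openssl "$line"; then
            head=${line%%" segfault at "*}         # everything before the fault text
            tok=${head##* }                        # last token, e.g. "nginx[2231]:"
            printf '%s\n' "${tok%%\[*}"            # process name without the pid
        fi
    done | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Constructed sample log (not real data): two nginx workers faulting at NULL
# plus a small offset inside libcrypto, one unrelated crash, one libssl fault
# at a high address, and a systemd restart message.
sample_log() {
cat <<'EOF'
Dec  9 10:14:02 web1 kernel: nginx[2231]: segfault at 0 ip 00007f1c2b3e4d5a sp 00007ffd0a1b2c30 error 4 in libcrypto.so.1.1[7f1c2b2a0000+1c5000]
Dec  9 10:14:03 web1 systemd[1]: nginx.service: Main process exited, code=killed, status=11/SEGV
Dec  9 10:14:09 web1 kernel: nginx[2240]: segfault at 8 ip 00007f1c2b3e4d5a sp 00007ffd0a1b2c30 error 4 in libcrypto.so.1.1[7f1c2b2a0000+1c5000]
Dec  9 10:20:41 web1 kernel: python3[3102]: segfault at 7f9e1c000010 ip 000055d1e8a4c2f0 sp 00007ffc1d2e3f40 error 6 in python3.7[55d1e8900000+2a0000]
Dec  9 10:21:00 web1 kernel: php-fpm[3300]: segfault at 7f00deadbeef ip 00007f22a1b3c4d0 sp 00007ffc9a8b7c60 error 4 in libssl.so.1.1[7f22a1a00000+8a000]
EOF
}

# Usage on a real host: journalctl -k | summarize_openssl_null_derefs
# Demo on the constructed sample when run directly with --demo:
if [ "${1:-}" = "--demo" ]; then
    sample_log | summarize_openssl_null_derefs
fi
```

A low fault address is a heuristic, not proof: any NULL-plus-offset bug in libcrypto matches, so pair a hit with the version check and, where a core dump exists, with a backtrace showing GENERAL_NAME_cmp under X509 CRL or timestamp verification.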
How to Mitigate CVE-2020-1971
Immediate Actions Required
- Upgrade OpenSSL to version 1.1.1i or later for the 1.1.1 branch
- Upgrade OpenSSL to version 1.0.2x or later for the 1.0.2 branch, bearing in mind that 1.0.2 is out of public support (see Patch Information); where 1.0.2x is not obtainable, moving to 1.1.1i or later is the fix
- Update all dependent applications and libraries that bundle OpenSSL
- Review and update Oracle, NetApp, Tenable, Siemens, and other vendor products to patched versions
Patch Information
OpenSSL has released patched versions that address this vulnerability:
- OpenSSL 1.1.1i fixes the vulnerability for the 1.1.1 branch (affected: 1.1.1 through 1.1.1h)
- OpenSSL 1.0.2x fixes the vulnerability for the 1.0.2 branch (affected: 1.0.2 through 1.0.2w); 1.0.2 is out of public support, and 1.0.2x was provided to premium support customers only
The patches are available through the OpenSSL Security Advisory December 2020. Additional vendor-specific patches are available from Oracle CPU April 2021, NetApp Security Advisory, and Debian Security Advisory DSA-4807.
Workarounds
- Disable automatic CRL downloading where possible (remove -crl_download option from OpenSSL tools)
- Implement network-level filtering to block CRL downloads from untrusted sources
- Configure applications to use a trusted, locally-maintained CRL repository instead of following certificate-embedded URLs
- Consider disabling CRL checking temporarily while patching, accepting the trade-off in revocation checking capability
# Example: Check the installed OpenSSL and update it on Debian/Ubuntu
openssl version
sudo apt-get update
sudo apt-get install --only-upgrade openssl libssl1.1
# Example: Verify the update
openssl version -a
# Upstream builds report 1.1.1i or later. Distribution packages usually backport
# the fix without changing the upstream version string (Debian 10 kept 1.1.1d in
# its fixed package, see DSA-4807), so confirm through the package changelog:
zcat /usr/share/doc/libssl1.1/changelog.Debian.gz | grep -m 1 CVE-2020-1971
# Example: Stop s_client from fetching CRLs from URLs embedded in certificates
# Instead of:
# openssl s_client -connect example.com:443 -crl_download
# Use a CRL you obtained yourself (drop -crl_check as well only if you accept skipping revocation checks):
openssl s_client -connect example.com:443 -CRL crl.pem -crl_check
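The workarounds above recommend a locally maintained CRL over following certificate-embedded URLs. The script below, added here as an example and not OpenSSL project code, shows the full loop with the openssl command-line tool: it builds a throwaway CA, issues a leaf whose CRL distribution point names an attacker-style URL, and then verifies the leaf with -crl_check against a CRL that the verifier supplies itself, so the embedded URL is never fetched. The CA name, the leaf name, the crl.example.invalid URL and the temp-dir layout are all made up for the demonstration; it requires the openssl binary (1.1.1 or 3.x).

```shell
#!/bin/sh
# Added example, not OpenSSL project code: revocation checking against a
# local CRL instead of a CRL downloaded from the certificate's own URL.

# Build a throwaway CA in a fresh temp dir (path printed on stdout), issue a
# leaf with a crlDistributionPoints extension, and publish an empty CRL.
setup_demo_ca() {
    d=$(mktemp -d)
    (
        cd "$d" || exit 1
        # Minimal configuration for `openssl ca` (issuing and CRL generation).
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
dir              = .
database         = $dir/index.txt
serial           = $dir/serial
crlnumber        = $dir/crlnumber
new_certs_dir    = $dir
certificate      = $dir/ca.pem
private_key      = $dir/ca.key
default_md       = sha256
default_days     = 30
default_crl_days = 30
policy           = demo_policy
[ demo_policy ]
commonName       = supplied
EOF
        touch index.txt
        echo 1000 > serial
        echo 01 > crlnumber
        # The leaf advertises a distribution point. With -crl_download a verifier
        # would fetch whatever sits there and compare its distribution point
        # names before checking any signature; we never follow it.
        echo 'crlDistributionPoints=URI:http://crl.example.invalid/demo.crl' > leaf.ext
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
            -subj '/CN=Demo CA' -days 30 >/dev/null 2>&1 &&
        openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
            -subj '/CN=leaf.example.invalid' >/dev/null 2>&1 &&
        openssl ca -config ca.cnf -batch -notext -in leaf.csr -out leaf.pem \
            -extfile leaf.ext >/dev/null 2>&1 &&
        openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
    ) || return 1
    printf '%s\n' "$d"
}

# Verify the leaf using only local material: the CA certificate and a CRL we
# obtained ourselves. Exit 0 if the chain is valid and the leaf is not revoked.
verify_with_local_crl() {
    openssl verify -crl_check -CAfile "$1/ca.pem" -CRLfile "$1/crl.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}

# Revoke the leaf in the CA database and regenerate the CRL, the step an
# operator performs before redistributing the local CRL to verifiers.
revoke_leaf() {
    (
        cd "$1" || exit 1
        openssl ca -config ca.cnf -revoke leaf.pem >/dev/null 2>&1 &&
        openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
    )
}

# Demo when run directly with --demo: valid before revocation, rejected after.
if [ "${1:-}" = "--demo" ]; then
    d=$(setup_demo_ca) || { echo "setup failed (is openssl installed?)" >&2; exit 1; }
    verify_with_local_crl "$d" && echo "before revocation: OK"
    revoke_leaf "$d"
    verify_with_local_crl "$d" || echo "after revocation: rejected (expected)"
    rm -rf "$d"
fi
```

The same -CAfile/-CRLfile pairing works for the s_client and s_server tools through their -CRL option, and the CRL file can be refreshed on a schedule from the CA's publication point by a process that runs on patched software, which keeps revocation checking without exposing the TLS endpoint to attacker-chosen CRLs.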
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

