ID

VAR-202012-1527


CVE

CVE-2020-1971


TITLE

OpenSSL Security Advisory 20201208

Trust: 0.1

sources: PACKETSTORM: 169642

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked.

Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h).
Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc.

This issue was reported to OpenSSL on 9th November 2020 by David Benjamin (Google). Initial analysis was performed by David Benjamin with additional analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates.

References
==========

URL for this Security Advisory: https://www.openssl.org/news/secadv/20201208.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2020:5639-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5639
Issue date: 2020-12-21
CVE Names: CVE-2020-1971

1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
openssl-1.0.1e-52.el7_2.src.rpm

x86_64:
openssl-1.0.1e-52.el7_2.x86_64.rpm
openssl-debuginfo-1.0.1e-52.el7_2.i686.rpm
openssl-debuginfo-1.0.1e-52.el7_2.x86_64.rpm
openssl-devel-1.0.1e-52.el7_2.i686.rpm
openssl-devel-1.0.1e-52.el7_2.x86_64.rpm
openssl-libs-1.0.1e-52.el7_2.i686.rpm
openssl-libs-1.0.1e-52.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
openssl-debuginfo-1.0.1e-52.el7_2.i686.rpm
openssl-debuginfo-1.0.1e-52.el7_2.x86_64.rpm
openssl-perl-1.0.1e-52.el7_2.x86_64.rpm
openssl-static-1.0.1e-52.el7_2.i686.rpm
openssl-static-1.0.1e-52.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6.

This advisory provides the following updates among others:

* Enhances profile parsing time.
* Fixes excessive resource consumption from the Operator.
* Fixes default content image.
* Fixes outdated remediation handling.

Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.

Bugs fixed (https://bugzilla.redhat.com/):

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1918990 - ComplianceSuite scans use quay content image for initContainer
1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present
1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules
1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console.

Bug Fix(es):

* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
* The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)
* The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)
* [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)
* The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)
* Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081)
* [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)

3. Bugs fixed (https://bugzilla.redhat.com/):

1899479 - Aggregator pod tries to parse ConfigMaps without results
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902251 - The compliancesuite object returns error with ocp4-cis tailored profile
1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path"
1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup

5. 8) - aarch64, ppc64le, s390x, x86_64

3. Bug Fix(es):

* Reject certificates with explicit EC parameters in strict mode (BZ#1891541)
* Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)

4. Description:

Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.

Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

5. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up
1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference
1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up
1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system

6.

Gentoo Linux Security Advisory GLSA 202012-13

https://security.gentoo.org/

Severity: Low
Title: OpenSSL: Denial of service
Date: December 23, 2020
Bugs: #759079
ID: 202012-13

Synopsis
========

A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl            < 1.1.1i                  >= 1.1.1i

Description
===========

A null pointer dereference flaw was found in OpenSSL.

Impact
======

A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function in an application linked against OpenSSL, could possibly cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1i"

References
==========

[ 1 ] CVE-2020-1971
      https://nvd.nist.gov/vuln/detail/CVE-2020-1971

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202012-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Bugs fixed (https://bugzilla.redhat.com/):

1843640 - CVE-2020-13379 grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL
1879672 - /var/log/tcmu-runner.log within tcmu-runner container does not get rotated and log grows without limit

Trust: 1.98

sources: NVD: CVE-2020-1971 // VULHUB: VHN-173115 // PACKETSTORM: 169642 // PACKETSTORM: 160638 // PACKETSTORM: 161390 // PACKETSTORM: 161382 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 160523 // PACKETSTORM: 162130 // PACKETSTORM: 161389 // PACKETSTORM: 160704 // PACKETSTORM: 160916

AFFECTED PRODUCTS

vendor: nodejs // model: node.js // scope: gte // version: 10.13.0

Trust: 1.0

vendor: oracle // model: business intelligence // scope: eq // version: 12.2.1.4.0

Trust: 1.0

vendor: oracle // model: enterprise communications broker // scope: eq // version: pcz3.2

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 9.0

Trust: 1.0

vendor: oracle // model: communications session border controller // scope: eq // version: cz8.2

Trust: 1.0

vendor: oracle // model: enterprise session border controller // scope: eq // version: cz8.3

Trust: 1.0

vendor: netapp // model: santricity smi-s provider // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.58

Trust: 1.0

vendor: oracle // model: business intelligence // scope: eq // version: 5.9.0.0.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: lte // version: 14.14.0

Trust: 1.0

vendor: openssl // model: openssl // scope: gte // version: 1.1.1

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 33

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.57

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 14.15.0

Trust: 1.0

vendor: oracle // model: enterprise manager for storage management // scope: eq // version: 13.4.0.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 12.0.0

Trust: 1.0

vendor: oracle // model: communications session border controller // scope: eq // version: cz8.3

Trust: 1.0

vendor: netapp // model: data ontap // scope: eq // version: -

Trust: 1.0

vendor: tenable // model: nessus network monitor // scope: lt // version: 5.13.1

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 15.0.0

Trust: 1.0

vendor: oracle // model: communications session router // scope: eq // version: cz8.4

Trust: 1.0

vendor: oracle // model: api gateway // scope: eq // version: 11.1.2.4.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 14.15.4

Trust: 1.0

vendor: netapp // model: active iq unified manager // scope: eq // version: -

Trust: 1.0

vendor: tenable // model: log correlation engine // scope: lt // version: 6.0.9

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 14.0.0

Trust: 1.0

vendor: netapp // model: aff a250 // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: clustered data ontap antivirus connector // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: communications diameter intelligence hub // scope: gte // version: 8.2.0

Trust: 1.0

vendor: oracle // model: mysql // scope: lte // version: 8.0.22

Trust: 1.0

vendor: oracle // model: communications session router // scope: eq // version: cz8.2

Trust: 1.0

vendor: oracle // model: communications diameter intelligence hub // scope: gte // version: 8.0.0

Trust: 1.0

vendor: openssl // model: openssl // scope: lt // version: 1.1.1i

Trust: 1.0

vendor: oracle // model: enterprise manager base platform // scope: eq // version: 13.3.0.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 10.23.1

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 10.0.0

Trust: 1.0

vendor: oracle // model: jd edwards enterpriseone tools // scope: lt // version: 9.2.5.3

Trust: 1.0

vendor: netapp // model: snapcenter // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: essbase // scope: eq // version: 21.2

Trust: 1.0

vendor: openssl // model: openssl // scope: lt // version: 1.0.2x

Trust: 1.0

vendor: oracle // model: communications session border controller // scope: eq // version: cz8.4

Trust: 1.0

vendor: oracle // model: http server // scope: eq // version: 12.2.1.4.0

Trust: 1.0

vendor: oracle // model: enterprise communications broker // scope: eq // version: pcz3.3

Trust: 1.0

vendor: oracle // model: graalvm // scope: eq // version: 19.3.4

Trust: 1.0

vendor: netapp // model: e-series santricity os controller // scope: gte // version: 11.0.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 32

Trust: 1.0

vendor: openssl // model: openssl // scope: gte // version: 1.0.2

Trust: 1.0

vendor: oracle // model: communications session router // scope: eq // version: cz8.3

Trust: 1.0

vendor: oracle // model: mysql server // scope: lte // version: 8.0.22

Trust: 1.0

vendor: netapp // model: hci compute node // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: business intelligence // scope: eq // version: 12.2.1.3.0

Trust: 1.0

vendor: oracle // model: communications diameter intelligence hub // scope: lte // version: 8.2.3

Trust: 1.0

vendor: oracle // model: business intelligence // scope: eq // version: 5.5.0.0.0

Trust: 1.0

vendor: oracle // model: communications subscriber-aware load balancer // scope: eq // version: cz8.4

Trust: 1.0

vendor: oracle // model: jd edwards world security // scope: eq // version: a9.4

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 12.13.0

Trust: 1.0

vendor: netapp // model: e-series santricity os controller // scope: lte // version: 11.60.3

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 15.5.0

Trust: 1.0

vendor: oracle // model: communications subscriber-aware load balancer // scope: eq // version: cz8.2

Trust: 1.0

vendor: siemens // model: sinec infrastructure network services // scope: lt // version: 1.0.1.1

Trust: 1.0

vendor: oracle // model: communications unified session manager // scope: eq // version: scz8.2.5

Trust: 1.0

vendor: oracle // model: enterprise manager ops center // scope: eq // version: 12.4.0.0

Trust: 1.0

vendor: netapp // model: hci storage node // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: ef600a // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: communications diameter intelligence hub // scope: lte // version: 8.1.0

Trust: 1.0

vendor: netapp // model: plug-in for symantec netbackup // scope: eq // version: -

Trust: 1.0

vendor: nodejs // model: node.js // scope: lte // version: 10.12.0

Trust: 1.0

vendor: netapp // model: oncommand workflow automation // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: enterprise manager base platform // scope: eq // version: 13.4.0.0

Trust: 1.0

vendor: oracle // model: enterprise session border controller // scope: eq // version: cz8.4

Trust: 1.0

vendor: oracle // model: mysql server // scope: gte // version: 8.0.15

Trust: 1.0

vendor: oracle // model: communications subscriber-aware load balancer // scope: eq // version: cz8.3

Trust: 1.0

vendor: netapp // model: oncommand insight // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: enterprise session border controller // scope: eq // version: cz8.2

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 12.20.1

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 10.0

Trust: 1.0

vendor: netapp // model: manageability software development kit // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: hci management node // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: graalvm // scope: eq // version: 20.3.0

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.56

Trust: 1.0

vendor: netapp // model: solidfire // scope: eq // version: -

Trust: 1.0

vendor: oracle // model: communications cloud native core network function cloud native environment // scope: eq // version: 1.10.0

Trust: 1.0

vendor: oracle // model: enterprise communications broker // scope: eq // version: pcz3.1

Trust: 1.0

vendor: oracle // model: mysql server // scope: lte // version: 5.7.32

Trust: 1.0

vendor: nodejs // model: node.js // scope: lte // version: 12.12.0

Trust: 1.0

sources: NVD: CVE-2020-1971

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-1971
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2020-1971
value: MEDIUM

Trust: 1.0

VULHUB: VHN-173115
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-1971
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-173115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-1971
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-173115 // NVD: CVE-2020-1971 // NVD: CVE-2020-1971

PROBLEMTYPE DATA

problemtype: CWE-476

Trust: 1.1

sources: VULHUB: VHN-173115 // NVD: CVE-2020-1971

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 160704

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 161016

EXTERNAL IDS

db: NVD // id: CVE-2020-1971

Trust: 2.2

db: TENABLE // id: TNS-2021-10

Trust: 1.1

db: TENABLE // id: TNS-2021-09

Trust: 1.1

db: TENABLE // id: TNS-2020-11

Trust: 1.1

db: SIEMENS // id: SSA-389290

Trust: 1.1

db: OPENWALL // id: OSS-SECURITY/2021/09/14/2

Trust: 1.1

db: PULSESECURE // id: SA44676

Trust: 1.1

db: PACKETSTORM // id: 161382

Trust: 0.2

db: PACKETSTORM // id: 160916

Trust: 0.2

db: PACKETSTORM // id: 162130

Trust: 0.2

db: PACKETSTORM // id: 160638

Trust: 0.2

db: PACKETSTORM // id: 160704

Trust: 0.2

db: PACKETSTORM // id: 161389

Trust: 0.2

db: PACKETSTORM // id: 160523

Trust: 0.2

db: PACKETSTORM // id: 161390

Trust: 0.2

db: PACKETSTORM // id: 160605

Trust: 0.1

db: PACKETSTORM // id: 161003

Trust: 0.1

db: PACKETSTORM // id: 160644

Trust: 0.1

db: PACKETSTORM // id: 161388

Trust: 0.1

db: PACKETSTORM // id: 161525

Trust: 0.1

db: PACKETSTORM // id: 161727

Trust: 0.1

db: PACKETSTORM // id: 160499

Trust: 0.1

db: PACKETSTORM // id: 161379

Trust: 0.1

db: PACKETSTORM // id: 160636

Trust: 0.1

db: PACKETSTORM // id: 161004

Trust: 0.1

db: PACKETSTORM // id: 160654

Trust: 0.1

db: PACKETSTORM // id: 161387

Trust: 0.1

db: PACKETSTORM // id: 160651

Trust: 0.1

db: PACKETSTORM // id: 160569

Trust: 0.1

db: PACKETSTORM // id: 161916

Trust: 0.1

db: PACKETSTORM // id: 162142

Trust: 0.1

db: PACKETSTORM // id: 160961

Trust: 0.1

db: PACKETSTORM // id: 160414

Trust: 0.1

db: PACKETSTORM // id: 160561

Trust: 0.1

db: PACKETSTORM // id: 160639

Trust: 0.1

db: PACKETSTORM // id: 161011

Trust: 0.1

db: PACKETSTORM // id: 160882

Trust: 0.1

db: VULHUB // id: VHN-173115

Trust: 0.1

db: PACKETSTORM // id: 169642

Trust: 0.1

db: PACKETSTORM // id: 161429

Trust: 0.1

db: PACKETSTORM // id: 161016

Trust: 0.1

sources: VULHUB: VHN-173115 // PACKETSTORM: 169642 // PACKETSTORM: 160638 // PACKETSTORM: 161390 // PACKETSTORM: 161382 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 160523 // PACKETSTORM: 162130 // PACKETSTORM: 161389 // PACKETSTORM: 160704 // PACKETSTORM: 160916 // NVD: CVE-2020-1971

REFERENCES

url:https://www.openssl.org/news/secadv/20201208.txt

Trust: 1.2

url:https://security.gentoo.org/glsa/202012-13

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.1

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20201218-0005/

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20210513-0002/

Trust: 1.1

url:https://www.tenable.com/security/tns-2020-11

Trust: 1.1

url:https://www.tenable.com/security/tns-2021-09

Trust: 1.1

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.1

url:https://www.debian.org/security/2020/dsa-4807

Trust: 1.1

url:https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc

Trust: 1.1

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2021/09/14/2

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Trust: 1.0

url:https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.9

url:https://bugzilla.redhat.com/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13943

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13943

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-17527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1551

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1551

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.2

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Trust: 0.1

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/

Trust: 0.1

url:https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.1

url:https://www.openssl.org/support/contracts.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5639

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0495

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=5.4

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.4/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0488

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl&downloadtype=securitypatches&version=1.1.1c

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.37

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20386

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5476

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25645

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20265

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7053

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0494

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0083

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13379

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24659

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.2/html

Trust: 0.1

sources: VULHUB: VHN-173115 // PACKETSTORM: 169642 // PACKETSTORM: 160638 // PACKETSTORM: 161390 // PACKETSTORM: 161382 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 160523 // PACKETSTORM: 162130 // PACKETSTORM: 161389 // PACKETSTORM: 160704 // PACKETSTORM: 160916 // NVD: CVE-2020-1971

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 160638 // PACKETSTORM: 161390 // PACKETSTORM: 161382 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 160523 // PACKETSTORM: 162130 // PACKETSTORM: 161389 // PACKETSTORM: 160916

SOURCES

db: VULHUB, id: VHN-173115
db: PACKETSTORM, id: 169642
db: PACKETSTORM, id: 160638
db: PACKETSTORM, id: 161390
db: PACKETSTORM, id: 161382
db: PACKETSTORM, id: 161429
db: PACKETSTORM, id: 161016
db: PACKETSTORM, id: 160523
db: PACKETSTORM, id: 162130
db: PACKETSTORM, id: 161389
db: PACKETSTORM, id: 160704
db: PACKETSTORM, id: 160916
db: NVD, id: CVE-2020-1971

LAST UPDATE DATE

2026-06-30T22:34:22.369000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-173115, date: 2022-08-29T00:00:00
db: NVD, id: CVE-2020-1971, date: 2026-06-17T03:02:44.770

SOURCES RELEASE DATE

db: VULHUB, id: VHN-173115, date: 2020-12-08T00:00:00
db: PACKETSTORM, id: 169642, date: 2020-12-08T12:12:12
db: PACKETSTORM, id: 160638, date: 2020-12-21T17:29:16
db: PACKETSTORM, id: 161390, date: 2021-02-11T15:26:00
db: PACKETSTORM, id: 161382, date: 2021-02-11T15:19:41
db: PACKETSTORM, id: 161429, date: 2021-02-16T15:44:48
db: PACKETSTORM, id: 161016, date: 2021-01-19T14:45:45
db: PACKETSTORM, id: 160523, date: 2020-12-16T17:51:37
db: PACKETSTORM, id: 162130, date: 2021-04-08T14:00:00
db: PACKETSTORM, id: 161389, date: 2021-02-11T15:25:54
db: PACKETSTORM, id: 160704, date: 2020-12-24T17:16:12
db: PACKETSTORM, id: 160916, date: 2021-01-12T16:26:30
db: NVD, id: CVE-2020-1971, date: 2020-12-08T16:15:11.730