FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- NULL pointer de-reference

Affected packages
1.0.2,1 <= openssl < 1.1.1i,1
12.2 <= FreeBSD < 12.2_2
12.1 <= FreeBSD < 12.1_12
11.4 <= FreeBSD < 11.4_6

Details

VuXML ID 1d56cfc5-3970-11eb-929d-d4c9ef517024
Discovery 2020-12-08
Entry 2020-12-08
Modified 2020-12-15

The OpenSSL project reports:

EDIPARTYNAME NULL pointer de-reference (High)

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

[source]

References

CVE Name CVE-2020-1971
FreeBSD Advisory SA-20:33.openssl
URL https://www.openssl.org/news/secadv/20201208.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.