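Vulnerability Details
OpenSSL Code Issue Vulnerability
Vulnerability Summary
OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms.
OpenSSL versions 1.1.1 and 1.0.2 contain a code issue vulnerability. It stems from a NULL pointer dereference and crash that may lead to a denial-of-service attack.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: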
https://www.openssl.org/news/secadv/20201208.txt
Affected Entities
None available
Patches
- Remediation for the OpenSSL code issue vulnerability (2020-12-8)