CVE-2020-1971 | EDIPARTYNAME NULL pointer dereference

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Published: 2020-12-08 Last update: 2026-05-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2020-1971 is rated Moderate Risk (43.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.35%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2020-1971

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-02-06 0.35% 0.35% -0.00%
2 2026-01-19 0.35% 0.35% +0.00%
3 2025-12-02 0.35%

Full EPSS history (31 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2020-1971

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.9 3.1 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.2 3.6 [email protected]
5.9 3.1 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.2 3.6 134c704f-9b21-4f2e-91b3-4a467353bcc0
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2020-1971

OS Trackers for CVE-2020-1971

vendor priority summary link
alpine medium CVE-2020-1971: 4 source package rows (libressl, openssl, openssl1.1-compat, openssl3); 47 state rows across 17 repos (3.10-main, 3.11-main, 3.12-main, 3.17-community, 3.17-main, 3.18-community, 3.18-main, 3.19-community, 3.19-main, 3.20-community, 3.20-main, 3.21-community, 3.21-main, 3.22-community, 3.22-main, edge-community, edge-main); fixed 22, open 25. https://security.alpinelinux.org/vuln/CVE-2020-1971
debian not yet assigned CVE-2020-1971 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2020-1971
gentoo low CVE-2020-1971: 1 GLSA(s) (202012-13), 1 atom(s) (dev-libs/openssl); latest impact low. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2020-1971
redhat high https://access.redhat.com/security/cve/CVE-2020-1971
suse high CVE-2020-1971 severity important: SUSE including 712 source package names (0.1.0:libopenssl1_1-1.1.0i-14.12.1, 0.1.75:libopenssl1_1-1.1.0i-14.12.1, …), 1394 product×package rows across 280 product lines (Container bci/bci-init, Container bci/dotnet-aspnet, … (280 product lines)): Fixed 1083, Known Not Affected 182, Known Affected 129. https://www.suse.com/security/cve/CVE-2020-1971/
ubuntu high CVE-2020-1971 high priority: Ubuntu including 4 source packages (edk2, nodejs, openssl, openssl1.0), 24 status rows across 6 suites (bionic, focal, groovy, trusty, upstream, xenial): not-affected 10, released 6, DNE 5, needs-triage 3. https://ubuntu.com/security/CVE-2020-1971

Affected software / configurations for CVE-2020-1971

Vendor Product Version Raw CPE
openssl openssl >= 1.0.2, < 1.0.2x cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl >= 1.1.1, < 1.1.1i cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
fedoraproject fedora 32 cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraproject fedora 33 cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
oracle api_gateway 11.1.2.4.0 cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
oracle business_intelligence 5.5.0.0.0 cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
oracle business_intelligence 5.9.0.0.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
oracle business_intelligence 12.2.1.3.0 cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
oracle business_intelligence 12.2.1.4.0 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0 cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
oracle communications_diameter_intelligence_hub >= 8.0.0, <= 8.1.0 cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oracle communications_diameter_intelligence_hub >= 8.2.0, <= 8.2.3 cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oracle communications_session_border_controller cz8.2 cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*
oracle communications_session_border_controller cz8.3 cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*
oracle communications_session_border_controller cz8.4 cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*
oracle communications_session_router cz8.2 cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*
oracle communications_session_router cz8.3 cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*
oracle communications_session_router cz8.4 cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*
oracle communications_subscriber-aware_load_balancer cz8.2 cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*
oracle communications_subscriber-aware_load_balancer cz8.3 cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*
oracle communications_subscriber-aware_load_balancer cz8.4 cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*
oracle communications_unified_session_manager scz8.2.5 cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*
oracle enterprise_communications_broker pcz3.1 cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*
oracle enterprise_communications_broker pcz3.2 cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*
oracle enterprise_communications_broker pcz3.3 cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.3.0.0 cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.4.0.0 cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_for_storage_management 13.4.0.0 cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_ops_center 12.4.0.0 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
oracle enterprise_session_border_controller cz8.2 cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*
oracle enterprise_session_border_controller cz8.3 cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*
oracle enterprise_session_border_controller cz8.4 cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*
oracle essbase 21.2 cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
oracle graalvm 19.3.4 cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
oracle graalvm 20.3.0 cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
oracle http_server 12.2.1.4.0 cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools < 9.2.5.3 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oracle jd_edwards_world_security a9.4 cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
oracle mysql <= 8.0.22 cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
oracle mysql_server <= 5.7.32 cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle mysql_server >= 8.0.15, <= 8.0.22 cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.56 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
netapp active_iq_unified_manager cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netapp active_iq_unified_manager cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
netapp clustered_data_ontap_antivirus_connector cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
netapp data_ontap cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
netapp e-series_santricity_os_controller >= 11.0.0, <= 11.60.3 cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapp hci_management_node cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netapp manageability_software_development_kit cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
netapp oncommand_insight cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapp oncommand_workflow_automation cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netapp plug-in_for_symantec_netbackup cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
netapp santricity_smi-s_provider cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
netapp snapcenter cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netapp solidfire cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapp hci_compute_node cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
netapp hci_storage_node cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
netapp ef600a_firmware cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*
netapp aff_a250_firmware cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
tenable log_correlation_engine < 6.0.9 cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*
tenable nessus_network_monitor < 5.13.1 cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
siemens sinec_infrastructure_network_services < 1.0.1.1 cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
nodejs node.js >= 10.0.0, <= 10.12.0 cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
nodejs node.js >= 10.13.0, < 10.23.1 cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
nodejs node.js >= 12.0.0, <= 12.12.0 cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
nodejs node.js >= 12.13.0, < 12.20.1 cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
nodejs node.js >= 14.0.0, <= 14.14.0 cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
nodejs node.js >= 14.15.0, < 14.15.4 cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
nodejs node.js >= 15.0.0, < 15.5.0 cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

References for CVE-2020-1971

URL Tags
http://www.openwall.com/lists/oss-security/2021/09/14/2 Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 Third Party Advisory
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc Third Party Advisory
https://security.gentoo.org/glsa/202012-13 Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0005/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0002/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2020/dsa-4807 Third Party Advisory
https://www.openssl.org/news/secadv/20201208.txt Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Third Party Advisory
https://www.tenable.com/security/tns-2020-11 Third Party Advisory
https://www.tenable.com/security/tns-2021-09 Third Party Advisory
https://www.tenable.com/security/tns-2021-10 Third Party Advisory
cvelogic Threat Intelligence