Security News > 2020 > December > DHS-CISA urges admins to patch OpenSSL DoS vulnerability
2020-12-09 12:25
U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately.
OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.
Another place where GENERAL NAME cmp function is being used in OpenSSL is when comparing the timestamp response token signer to the timestamp authority name.
Reported on November 9th, 2020, by David Benjamin of Google, this vulnerability impacts all versions of OpenSSL 1.0.2 and 1.1.1.
This is perhaps why CISA has issued a security advisory for CVE-2020-1971 prompting server admins to immediately upgrade their OpenSSL instances.
News URL
Related news
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (source)
- CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) (source)
- ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |