Security News > 2020 > December > DHS-CISA urges admins to patch OpenSSL DoS vulnerability
2020-12-09 12:25
U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately.
OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.
Another place where GENERAL NAME cmp function is being used in OpenSSL is when comparing the timestamp response token signer to the timestamp authority name.
Reported on November 9th, 2020, by David Benjamin of Google, this vulnerability impacts all versions of OpenSSL 1.0.2 and 1.1.1.
This is perhaps why CISA has issued a security advisory for CVE-2020-1971 prompting server admins to immediately upgrade their OpenSSL instances.
News URL
Related news
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (source)
- New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |