CVE-2020-1971

medium

Published 2020-12-08 · Modified 2020-12-15

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

5.9

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.9

Description

RHSA-2020:5476: openssl security and bug fix update (Important)

Predictions

Exploit likelihood

69%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

Fedora Affected 2 releases

Version	Status	Fixed in
33	Affected	—
32	Affected	—

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Mixed 7 releases

Version	Status	Fixed in
trixie	Fixed	`1.1.1i-1`
sid	Fixed	`1.1.1i-1`
forky	Fixed	`1.1.1i-1`
bullseye	Fixed	`1.1.1i-1`
bookworm	Fixed	`1.1.1i-1`
10.0	Affected	—
9.0	Affected	—

Arch Fixed 1 release

Version	Status	Fixed in
—	Fixed	`1.1.1.i-1`

Red Hat Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

Application impact

Vendor	Product	Versions	Fixed
openssl	openssl	`{"startIncluding":"1.0.2","endExcluding":"1.0.2x"}`	`1.0.2x`
openssl	openssl	`{"startIncluding":"1.1.1","endExcluding":"1.1.1i"}`	`1.1.1i`
oracle	api_gateway	`11.1.2.4.0`
oracle	business_intelligence	`5.5.0.0.0`
oracle	business_intelligence	`5.9.0.0.0`
oracle	business_intelligence	`12.2.1.3.0`
oracle	business_intelligence	`12.2.1.4.0`
oracle	communications_cloud_native_core_network_function_cloud_native_environment	`1.10.0`
oracle	communications_diameter_intelligence_hub	`{"startIncluding":"8.0.0","endIncluding":"8.1.0"}`
oracle	communications_diameter_intelligence_hub	`{"startIncluding":"8.2.0","endIncluding":"8.2.3"}`
oracle	communications_session_border_controller	`cz8.2`
oracle	communications_session_border_controller	`cz8.3`
oracle	communications_session_border_controller	`cz8.4`
oracle	communications_session_router	`cz8.2`
oracle	communications_session_router	`cz8.3`
oracle	communications_session_router	`cz8.4`
oracle	communications_subscriber-aware_load_balancer	`cz8.2`
oracle	communications_subscriber-aware_load_balancer	`cz8.3`
oracle	communications_subscriber-aware_load_balancer	`cz8.4`
oracle	communications_unified_session_manager	`scz8.2.5`
oracle	enterprise_communications_broker	`pcz3.1`
oracle	enterprise_communications_broker	`pcz3.2`
oracle	enterprise_communications_broker	`pcz3.3`
oracle	enterprise_manager_base_platform	`13.3.0.0`
oracle	enterprise_manager_base_platform	`13.4.0.0`
oracle	enterprise_manager_for_storage_management	`13.4.0.0`
oracle	enterprise_manager_ops_center	`12.4.0.0`
oracle	enterprise_session_border_controller	`cz8.2`
oracle	enterprise_session_border_controller	`cz8.3`
oracle	enterprise_session_border_controller	`cz8.4`
oracle	essbase	`21.2`
oracle	graalvm	`19.3.4`
oracle	graalvm	`20.3.0`
oracle	http_server	`12.2.1.4.0`
oracle	jd_edwards_enterpriseone_tools	`{"endExcluding":"9.2.5.3"}`	`9.2.5.3`
oracle	jd_edwards_world_security	`a9.4`
oracle	mysql	`{"endIncluding":"8.0.22"}`
oracle	mysql_server	`{"endIncluding":"5.7.32"}`
oracle	mysql_server	`{"startIncluding":"8.0.15","endIncluding":"8.0.22"}`
oracle	peoplesoft_enterprise_peopletools	`8.56`
oracle	peoplesoft_enterprise_peopletools	`8.57`
oracle	peoplesoft_enterprise_peopletools	`8.58`
netapp	active_iq_unified_manager	`-`
netapp	clustered_data_ontap_antivirus_connector	`-`
netapp	data_ontap	`-`
netapp	e-series_santricity_os_controller	`{"startIncluding":"11.0.0","endIncluding":"11.60.3"}`
netapp	hci_management_node	`-`
netapp	manageability_software_development_kit	`-`
netapp	oncommand_insight	`-`
netapp	oncommand_workflow_automation	`-`
netapp	plug-in_for_symantec_netbackup	`-`
netapp	santricity_smi-s_provider	`-`
netapp	snapcenter	`-`
netapp	solidfire	`-`
netapp	hci_compute_node	`-`
netapp	hci_storage_node	`-`
netapp	ef600a	`-`
netapp	aff_a250	`-`
tenable	log_correlation_engine	`{"endExcluding":"6.0.9"}`	`6.0.9`
tenable	nessus_network_monitor	`{"endExcluding":"5.13.1"}`	`5.13.1`
siemens	sinec_infrastructure_network_services	`{"endExcluding":"1.0.1.1"}`	`1.0.1.1`
nodejs	node.js	`{"startIncluding":"10.0.0","endIncluding":"10.12.0"}`
nodejs	node.js	`{"startIncluding":"10.13.0","endExcluding":"10.23.1"}`	`10.23.1`
nodejs	node.js	`{"startIncluding":"12.0.0","endIncluding":"12.12.0"}`
nodejs	node.js	`{"startIncluding":"12.13.0","endExcluding":"12.20.1"}`	`12.20.1`
nodejs	node.js	`{"startIncluding":"14.0.0","endIncluding":"14.14.0"}`
nodejs	node.js	`{"startIncluding":"14.15.0","endExcluding":"14.15.4"}`	`14.15.4`
nodejs	node.js	`{"startIncluding":"15.0.0","endExcluding":"15.5.0"}`	`15.5.0`

References

CWEs

CWE-476

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.