ALAS2-2020-1573

Affecting openssl-libs package, versions <1:1.0.2k-19.amzn2.0.4

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1573. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-1971: 1903409: CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade openssl-libs to version or higher.

References

CVE
ALAS2-2020-1573
Snyk ID
SNYK-AMZN2-OPENSSLLIBS-1049157
Published
09 Dec, 2020