ALAS2-2020-1573
Affecting openssl-libs package, versions <1:1.0.2k-19.amzn2.0.4
Report new vulnerabilities
high severity
Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to ALAS2-2020-1573. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-1971: 1903409: CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Remediation
Upgrade openssl-libs to version or higher.
References
- CVE
- ALAS2-2020-1573
- Snyk ID
- SNYK-AMZN2-OPENSSLLIBS-1049157
- Published
- 09 Dec, 2020