You are here
OpenSSL Vulnerability Fixed in Version 1.1.1i
Submitted on 9. December 2020 - 11:37 by rischi.
Last update on 10. December 2020 - 17:06.
Last update on 10. December 2020 - 17:06.
Keywords:
OpenSSL
Description:
OpenSSL released version 1.1.1i fixing CVE-2020-1971 [1].
Airlock Gateway uses OpenSSL to handle front-side and back-end TLS connections. The vulnerability could result in a denial of service attack, and OpenSSL assigned the severity high.
No action required for Airlock Gateway
Details:
CVE-2020-1971 - We do not use the affected function GENERAL_NAME_cmp in a way that the attacker can control both of its arguments.
Resolution:
No action required.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock