OpenSSL Security Update (MINDBREEZE16594)

ID: MINDBREEZE16594 
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 5.9 Medium 
Status: Final 
First published: February 2, 2021 
CVEs: CVE-2020-1971

Summary

OpenSSL: EDIPARTYNAME NULL pointer de-reference could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur.

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 20.5 Release (Version 20.5.1.835)
• Mindbreeze InSpire SaaS 20.5 Release (Version 20.5.1.835)