CVE Vulnerability Details: CVE-2019-1563
PUBLISHED
Assigner: openssl
Assigner Org ID: 3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At: 10 Sep, 2019 | 16:58
Updated At: 17 Sep, 2024 | 01:11
CVE Numbering Authority (CNA)
Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt, the attacker can, after sending a very large number of messages to be decrypted, recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Affected Products
Vendor: OpenSSL
Product: OpenSSL
Versions (Affected):
  • Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)
  • Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)
  • Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)
Problem Types
Type | CWE ID | Description
text | N/A | Padding Oracle
Metrics
Metrics Other Info
unknown
url: https://www.openssl.org/policies/secpolicy.html#Low
lang: eng
value: Low
Credits

Bernd Edlinger
References
Hyperlink | Resource
https://seclists.org/bugtraq/2019/Sep/25 | mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html | vendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ | vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html | vendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html | mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ | vendor-advisory, x_refsource_FEDORA
https://seclists.org/bugtraq/2019/Oct/1 | mailing-list, x_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/Oct/0 | mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4539 | vendor-advisory, x_refsource_DEBIAN
https://www.debian.org/security/2019/dsa-4540 | vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html | vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201911-04 | vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/4376-1/ | vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC
https://www.openssl.org/news/secadv/20190910.txt | x_refsource_CONFIRM
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190919-0002/ | x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-09 | x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64 | x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97 | x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f | x_refsource_CONFIRM
https://support.f5.com/csp/article/K97324400?utm_source=f5support&amp%3Butm_medium=RSS | x_refsource_CONFIRM
https://usn.ubuntu.com/4376-2/ | vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4504-1/ | vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10365 | x_refsource_CONFIRM