CVE-2019-1547

Published: 10 September 2019

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Priority

Low

CVSS 3 base score: 4.7

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nodejs
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system openssl1.1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system openssl1.0)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system openssl)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(uses system openssl)
openssl
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.1d)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1.1.1d-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.1.1-1ubuntu2.1~18.04.6)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.0.2g-1ubuntu4.16)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.0.1f-1ubuntu2.27+esm1)
Patches:
Upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 (1.0.2)
Upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a (1.1.0)
Upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 (1.1.1)
openssl1.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.0.2n-1ubuntu5.4)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist