CVE-2019-1563
Published: 10 September 2019
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Priority
Status
| Package | Release | Status |
|---|---|---|
|
edk2 Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| groovy |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| hirsute |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| impish |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| jammy |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| kinetic |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| lunar |
Not vulnerable
(0~20191122.bd85bf54-2)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
|
nodejs Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system openssl1.0)
|
| disco |
Not vulnerable
(uses system openssl1.1)
|
|
| eoan |
Not vulnerable
(uses system openssl1.1)
|
|
| focal |
Not vulnerable
(uses system openssl1.1)
|
|
| groovy |
Not vulnerable
(uses system openssl1.1)
|
|
| hirsute |
Not vulnerable
(uses system openssl1.1)
|
|
| impish |
Not vulnerable
(uses system openssl1.1)
|
|
| jammy |
Needed
|
|
| kinetic |
Not vulnerable
(uses system openssl1.1)
|
|
| lunar |
Not vulnerable
(uses system openssl1.1)
|
|
| trusty |
Not vulnerable
(uses system openssl)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system openssl)
|
|
|
openssl Launchpad, Ubuntu, Debian |
bionic |
Released
(1.1.1-1ubuntu2.1~18.04.6)
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Released
(1.1.1c-1ubuntu4.1)
|
|
| focal |
Released
(1.1.1d-2ubuntu1)
|
|
| groovy |
Released
(1.1.1d-2ubuntu1)
|
|
| hirsute |
Released
(1.1.1d-2ubuntu1)
|
|
| impish |
Released
(1.1.1d-2ubuntu1)
|
|
| jammy |
Released
(1.1.1d-2ubuntu1)
|
|
| kinetic |
Released
(1.1.1d-2ubuntu1)
|
|
| lunar |
Released
(1.1.1d-2ubuntu1)
|
|
| trusty |
Released
(1.0.1f-1ubuntu2.27+esm1)
|
|
| upstream |
Released
(1.1.1d)
|
|
| xenial |
Released
(1.0.2g-1ubuntu4.16)
|
|
|
Patches: upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 (1.1.1) upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb1ec38b266340710cb97c90b08fc90edd06262c (regression test) upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 (1.1.0) upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (1.0.2) |
||
|
openssl1.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(1.0.2n-1ubuntu5.4)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 3.7 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |