Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2019-1563

UNKNOWN

Published 2019-09-10T16:58:35.407714Z

Actions:

No CVSS data available

Description

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OpenSSL

Affected Versions:

Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c) Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k) Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)

References

https://seclists.org/bugtraq/2019/Sep/25

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html

https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/

https://seclists.org/bugtraq/2019/Oct/1

https://seclists.org/bugtraq/2019/Oct/0

https://www.debian.org/security/2019/dsa-4539

https://www.debian.org/security/2019/dsa-4540

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html

https://security.gentoo.org/glsa/201911-04

https://usn.ubuntu.com/4376-1/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.openssl.org/news/secadv/20190910.txt

http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html

https://security.netapp.com/advisory/ntap-20190919-0002/

https://www.tenable.com/security/tns-2019-09

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f

https://support.f5.com/csp/article/K97324400?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4376-2/

https://usn.ubuntu.com/4504-1/

https://www.oracle.com/security-alerts/cpuoct2020.html

https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Published: 2019-09-10T16:58:35.407714Z

Last Modified: 2024-09-17T01:11:46.014Z

Copied to clipboard!