Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-1547
Description:Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Test IDs: 1.3.6.1.4.1.25623.1.0.891932  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-1547
Bugtraq: 20190912 [slackware-security] openssl (SSA:2019-254-03) (Google Search)
https://seclists.org/bugtraq/2019/Sep/25
Bugtraq: 20191001 [SECURITY] [DSA 4539-1] openssl security update (Google Search)
https://seclists.org/bugtraq/2019/Oct/1
Bugtraq: 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update (Google Search)
https://seclists.org/bugtraq/2019/Oct/0
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
https://security.netapp.com/advisory/ntap-20190919-0002/
https://security.netapp.com/advisory/ntap-20200122-0002/
https://security.netapp.com/advisory/ntap-20200416-0003/
https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS
https://www.openssl.org/news/secadv/20190910.txt
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2019-09
Debian Security Information: DSA-4539 (Google Search)
https://www.debian.org/security/2019/dsa-4539
Debian Security Information: DSA-4540 (Google Search)
https://www.debian.org/security/2019/dsa-4540
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
https://security.gentoo.org/glsa/201911-04
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
https://arxiv.org/abs/1909.01785
https://arxiv.org/abs/1909.01785
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
SuSE Security Announcement: openSUSE-SU-2019:2158 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
SuSE Security Announcement: openSUSE-SU-2019:2189 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
SuSE Security Announcement: openSUSE-SU-2019:2269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
https://usn.ubuntu.com/4376-1/
https://usn.ubuntu.com/4376-2/
https://usn.ubuntu.com/4504-1/




© 1998-2020 E-Soft Inc. All rights reserved.