CVE-2019-1563

Published: 10 September 2019

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Priority

Cvss 3 Severity Score

3.7

Score breakdown

Status

Package	Release	Status
edk2 Launchpad, Ubuntu, Debian	bionic	Needed
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Not vulnerable (0~20191122.bd85bf54-2)
	groovy	Not vulnerable (0~20191122.bd85bf54-2)
	hirsute	Not vulnerable (0~20191122.bd85bf54-2)
	impish	Not vulnerable (0~20191122.bd85bf54-2)
	jammy	Not vulnerable (0~20191122.bd85bf54-2)
	kinetic	Not vulnerable (0~20191122.bd85bf54-2)
	lunar	Not vulnerable (0~20191122.bd85bf54-2)
	mantic	Not vulnerable (0~20191122.bd85bf54-2)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needed
nodejs Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system openssl1.0)
	disco	Not vulnerable (uses system openssl1.1)
	eoan	Not vulnerable (uses system openssl1.1)
	focal	Not vulnerable (uses system openssl1.1)
	groovy	Not vulnerable (uses system openssl1.1)
	hirsute	Not vulnerable (uses system openssl1.1)
	impish	Not vulnerable (uses system openssl1.1)
	jammy	Needed
	kinetic	Not vulnerable (uses system openssl1.1)
	lunar	Not vulnerable (uses system openssl1.1)
	mantic	Not vulnerable (uses system openssl1.1)
	trusty	Not vulnerable (uses system openssl)
	upstream	Needs triage
	xenial	Not vulnerable (uses system openssl)
openssl Launchpad, Ubuntu, Debian	bionic	Released (1.1.1-1ubuntu2.1~18.04.6)
	disco	Ignored (end of life)
	eoan	Released (1.1.1c-1ubuntu4.1)
	focal	Released (1.1.1d-2ubuntu1)
	groovy	Released (1.1.1d-2ubuntu1)
	hirsute	Released (1.1.1d-2ubuntu1)
	impish	Released (1.1.1d-2ubuntu1)
	jammy	Released (1.1.1d-2ubuntu1)
	kinetic	Released (1.1.1d-2ubuntu1)
	lunar	Released (1.1.1d-2ubuntu1)
	mantic	Released (1.1.1d-2ubuntu1)
	trusty	Released (1.0.1f-1ubuntu2.27+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Released (1.1.1d)
	xenial	Released (1.0.2g-1ubuntu4.16)
	Patches: upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb1ec38b266340710cb97c90b08fc90edd06262c upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
openssl1.0 Launchpad, Ubuntu, Debian	bionic	Released (1.0.2n-1ubuntu5.4)
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	3.7
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›