CVE-2019-1547 – ECDSA remote timing attack
https://notcve.org/view.php?id=CVE-2019-1547
Normally in OpenSSL EC groups always have a cofactor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html https://arxiv.org/abs/1909.01785 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036b • CWE-602: Client-Side Enforcement of Server-Side Security •
CVE-2019-1563 – Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
https://notcve.org/view.php?id=CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64 https://git.openssl.org/g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-1549 – Fork Protection
https://notcve.org/view.php?id=CVE-2019-1549
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. • https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E https://seclists.org/bugtraq/2019/Oct/1 https://security.netapp.com/advisory/ntap-20190919-0002 https://support.f5.com/csp/article/K44070243 https://support.f5.com/csp/article • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVE-2018-20997
https://notcve.org/view.php?id=CVE-2018-20997
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS signing. • https://rustsec.org/advisories/RUSTSEC-2018-0010.html • CWE-416: Use After Free •
CVE-2016-10931
https://notcve.org/view.php?id=CVE-2016-10931
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. • https://rustsec.org/advisories/RUSTSEC-2016-0001.html • CWE-295: Improper Certificate Validation •