// For flags

CVE-2019-1547

ECDSA remote timing attack

Severity Score

4.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Normalmente en los grupos EC de OpenSSL siempre tienen un cofactor presente y este es usado en rutas de código resistentes a canales laterales. Sin embargo, en ciertos casos, es posible construir un grupo usando parámetros explícitos (en lugar de usar una curva nombrada). En esos casos, es posible que dicho grupo no tenga el cofactor presente. Esto puede ocurrir incluso cuando todos los parámetros coinciden con una curva de nombre conocido. Si es utilizada dicha curva, entonces OpenSSL recurre a rutas de código resistentes a canales no laterales lo que puede resultar en una recuperación de clave completa durante una operación de firma ECDSA. Para que sea vulnerable, un atacante tendría que tener la capacidad de cronometrar la creación de un gran número de firmas donde parámetros explícitos sin cofactor presente están en uso mediante una aplicación que utiliza libcrypto. Para evitar dudas, libssl no es vulnerable porque nunca se utilizan parámetros explícitos. Corregido en OpenSSL versión 1.1.1d (afectada la versión 1.1.1-1.1.1c). Corregido en OpenSSL versión 1.1.0l (afectada la versión 1.1.0-1.1.0k). Corregida en OpenSSL versión 1.0.2t (afectada la versión 1.0.2-1.0.2s).

*Credits: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-11-28 CVE Reserved
  • 2019-09-10 CVE Published
  • 2024-09-03 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-602: Client-Side Enforcement of Server-Side Security
CAPEC
References (37)
URL Tag Source
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
https://arxiv.org/abs/1909.01785 Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html Mailing List
https://seclists.org/bugtraq/2019/Oct/0 Mailing List
https://seclists.org/bugtraq/2019/Oct/1 Mailing List
https://seclists.org/bugtraq/2019/Sep/25 Mailing List
https://security.netapp.com/advisory/ntap-20190919-0002
https://security.netapp.com/advisory/ntap-20200122-0002
https://security.netapp.com/advisory/ntap-20200416-0003
https://security.netapp.com/advisory/ntap-20240621-0006
https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2019-09
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html 2024-06-21
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html 2024-06-21
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html 2024-06-21
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html 2024-06-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A 2024-06-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E 2024-06-21
https://security.gentoo.org/glsa/201911-04 2024-06-21
https://usn.ubuntu.com/4376-1 2024-06-21
https://usn.ubuntu.com/4376-2 2024-06-21
https://usn.ubuntu.com/4504-1 2024-06-21
https://www.debian.org/security/2019/dsa-4539 2024-06-21
https://www.debian.org/security/2019/dsa-4540 2024-06-21
https://www.openssl.org/news/secadv/20190910.txt 2024-06-21
https://access.redhat.com/security/cve/CVE-2019-1547 2020-04-28
https://bugzilla.redhat.com/show_bug.cgi?id=1752090 2020-04-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 >= 1.0.2 <= 1.0.2s
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 <= 1.0.2s"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 >= 1.1.0 <= 1.1.0k
Search vendor "Openssl" for product "Openssl" and version " >= 1.1.0 <= 1.1.0k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 >= 1.1.1 <= 1.1.1c
Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 <= 1.1.1c"
-
Affected