CVE-2019-1563

Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

Severity Score

3.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

En situaciones donde un atacante recibe una notificación automática del éxito o el fracaso de un intento de descifrado, un atacante, luego de enviar una gran número de mensajes para descifrar, puede recuperar una clave de cifrado transportada de CMS/PKCS7 o descifrar cualquier mensaje cifrado de RSA que se cifró con la clave pública de RSA, utilizando un ataque de tipo padding oracle de Bleichenbacher. Las aplicaciones no están afectadas si usan un certificado junto con la clave RSA privada para las funciones CMS_decrypt o PKCS7_decrypt para seleccionar la información correcta del destinatario a descifrar. Corregido en OpenSSL versión 1.1.1d (afectada la versión 1.1.1-1.1.1c). Corregido en OpenSSL versión 1.1.0l (afectada la versión 1.1.0-1.1.0k). Corregido en OpenSSL versión 1.0.2t (afectada la versión 1.0.2-1.0.2s).

*Credits: Bernd Edlinger

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-11-28 CVE Reserved
2019-09-10 CVE Published
2024-09-03 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-203: Observable Discrepancy
CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CAPEC

References (32)

URL	Tag	Source
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html	X_refsource_misc
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64	X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97	X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f	X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10365	X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html	Mailing List
https://seclists.org/bugtraq/2019/Oct/0	Mailing List
https://seclists.org/bugtraq/2019/Oct/1	Mailing List
https://seclists.org/bugtraq/2019/Sep/25	Mailing List
https://security.netapp.com/advisory/ntap-20190919-0002	X_refsource_confirm
https://support.f5.com/csp/article/K97324400?utm_source=f5support&amp%3Butm_medium=RSS	X_refsource_confirm
https://www.oracle.com/security-alerts/cpuapr2020.html	X_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html	X_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html	X_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html	X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	X_refsource_misc
https://www.tenable.com/security/tns-2019-09	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E	2023-11-07
https://security.gentoo.org/glsa/201911-04	2023-11-07
https://usn.ubuntu.com/4376-1	2023-11-07
https://usn.ubuntu.com/4376-2	2023-11-07
https://usn.ubuntu.com/4504-1	2023-11-07
https://www.debian.org/security/2019/dsa-4539	2023-11-07
https://www.debian.org/security/2019/dsa-4540	2023-11-07
https://www.openssl.org/news/secadv/20190910.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-1563	2020-04-28
https://bugzilla.redhat.com/show_bug.cgi?id=1752100	2020-04-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2 <= 1.0.2s Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 <= 1.0.2s"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.0 <= 1.1.0k Search vendor "Openssl" for product "Openssl" and version " >= 1.1.0 <= 1.1.0k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.1 <= 1.1.1c Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 <= 1.1.1c"		-		Affected