CVE-2019-1563
Description
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-1563,CVE-2019-1547,CVE-2019-1552 are fixed in OpenSSL (x64) 1.0.2t | Windows |
| Vulnerabilities CVE-2019-1563,CVE-2019-1547,CVE-2019-1552 are fixed in OpenSSL (x64) 1.1.0l | Windows |
| Vulnerabilities CVE-2019-1563,CVE-2019-1549,CVE-2019-1547,CVE-2019-1552 are fixed in OpenSSL (x64) 1.1.1d | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Vulnerabilities CVE-2019-1547,CVE-2019-1552,CVE-2019-1563,CVE-2019-4726 are affected in IBM Sterling B2B Integrator 6.0.3.0 | Windows |
| openssl security update(DSA-4539-1) openssl_1.1.0l-1~deb9u1_i386.deb | Linux |
| openssl security update(DSA-4539-1) openssl_1.1.0l-1~deb9u1_amd64.deb | Linux |
| openssl security update(DSA-4539-1) openssl_1.1.1d-0+deb10u1_amd64.deb | Linux |
| SUSE-SU-2019:2558-1(SUSE Linux Enterprise Desktop 12-SP4 ) compat-openssl098-debugsource-0.9.8j-106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2558-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl0_9_8-0.9.8j-106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2558-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl0_9_8-32bit-0.9.8j-106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2558-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl0_9_8-debuginfo-0.9.8j-106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2558-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.15.1.x86_64.rpm | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4376-1) libssl1.1_1.1.1c-1ubuntu4.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4376-1) libssl1.1_1.1.1c-1ubuntu4.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4376-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.6_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4376-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.6_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4376-1) libssl1.0.0_1.0.2g-1ubuntu4.16_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4376-1) libssl1.0.0_1.0.2g-1ubuntu4.16_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2n-1ubuntu5.4_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2n-1ubuntu5.4_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2g-1ubuntu4.17_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-4504-1) libssl1.0.0_1.0.2g-1ubuntu4.17_amd64.deb | Linux |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-1563) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234