CVE - CVE-2019-1551

CVE-ID
CVE-2019-1551	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20191225 [slackware-security] openssl (SSA:2019-354-01) URL:https://seclists.org/bugtraq/2019/Dec/39 BUGTRAQ:20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update URL:https://seclists.org/bugtraq/2019/Dec/46 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98 URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98 CONFIRM:https://security.netapp.com/advisory/ntap-20191210-0001/ URL:https://security.netapp.com/advisory/ntap-20191210-0001/ CONFIRM:https://www.openssl.org/news/secadv/20191206.txt URL:https://www.openssl.org/news/secadv/20191206.txt CONFIRM:https://www.tenable.com/security/tns-2019-09 URL:https://www.tenable.com/security/tns-2019-09 CONFIRM:https://www.tenable.com/security/tns-2020-03 URL:https://www.tenable.com/security/tns-2020-03 CONFIRM:https://www.tenable.com/security/tns-2020-11 URL:https://www.tenable.com/security/tns-2020-11 CONFIRM:https://www.tenable.com/security/tns-2021-10 URL:https://www.tenable.com/security/tns-2021-10 DEBIAN:DSA-4594 URL:https://www.debian.org/security/2019/dsa-4594 DEBIAN:DSA-4855 URL:https://www.debian.org/security/2021/dsa-4855 FEDORA:FEDORA-2020-d7b29838f6 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ FEDORA:FEDORA-2020-da2d1ef2d7 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ FEDORA:FEDORA-2020-fcc91a28e8 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ GENTOO:GLSA-202004-10 URL:https://security.gentoo.org/glsa/202004-10 MISC:http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html URL:http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html MISC:https://www.oracle.com/security-alerts/cpuApr2021.html URL:https://www.oracle.com/security-alerts/cpuApr2021.html MISC:https://www.oracle.com/security-alerts/cpujan2021.html URL:https://www.oracle.com/security-alerts/cpujan2021.html MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MLIST:[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update URL:https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html SUSE:openSUSE-SU-2020:0062 URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html UBUNTU:USN-4376-1 URL:https://usn.ubuntu.com/4376-1/ UBUNTU:USN-4504-1 URL:https://usn.ubuntu.com/4504-1/
Assigning CNA
OpenSSL Software Foundation
Date Record Created
20181128	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20181128)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)