QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-1551

Back to search

CVE-2019-1551

Published: Dec 6, 2019

Modified: Sep 16, 2024

PUBLISHED

Description

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

VendorProductVersions

OpenSSL

OpenSSL

affected
Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d)
affected
Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)

References

DSA-4594
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2020:0062
vendor-advisory
x_refsource_SUSE
GLSA-202004-10
vendor-advisory
x_refsource_GENTOO
FEDORA-2020-fcc91a28e8
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-da2d1ef2d7
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-d7b29838f6
vendor-advisory
x_refsource_FEDORA
USN-4376-1
vendor-advisory
x_refsource_UBUNTU
USN-4504-1
vendor-advisory
x_refsource_UBUNTU
DSA-4855
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now