CVE-2019-1549

Published: 10/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 449
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call, to ensure that the parent and child processes did not share the same RNG state. However, this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high-precision timer is mixed into the RNG state, so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK, then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
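
The fork problem described in the summary, as an added example that is not OpenSSL code and not part of the original page: a toy xorshift generator (not OpenSSL's DRBG, not cryptographically secure) whose parent and child emit the same value after fork(), and a child-side handler registered with pthread_atfork() that makes them diverge. The function names, the seed and the pid-based perturbation are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy xorshift64 generator: NOT OpenSSL's DRBG, not cryptographically secure. */
static uint64_t state = 0x9E3779B97F4A7C15ULL;  /* constructed seed */

static uint64_t toy_rand(void) {
    state ^= state << 13; state ^= state >> 7; state ^= state << 17;
    return state;
}

/* Child-side fork handler (hypothetical): perturb the inherited state.
   A real generator would reseed from the OS entropy source here. */
static void reseed_in_child(void) {
    state ^= (uint64_t)getpid() * 0xD6E8FEB86659FD93ULL;
    if (state == 0) state = 1;  /* xorshift must never hold an all-zero state */
}

/* Register the handler, standing in for a library's at-fork protection. */
static int enable_fork_protection(void) {
    return pthread_atfork(NULL, NULL, reseed_in_child);
}

/* Fork once; return 1 if parent and child emit the same next value, 0 if not. */
static int fork_outputs_collide(void) {
    int fds[2];
    uint64_t child_out = 0, parent_out;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: report its next output */
        uint64_t v = toy_rand();
        _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fds[1]);
    parent_out = toy_rand();
    ssize_t n = read(fds[0], &child_out, sizeof child_out);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof child_out ? parent_out == child_out : -1;
}

int main(void) {
    int shared = fork_outputs_collide();         /* state copied by fork() */
    int ok = shared == 1 && enable_fork_protection() == 0
             && fork_outputs_collide() == 0;     /* child now diverges */
    return ok ? 0 : 1;
}
```

Running the same comparison against a service that forks workers (for example, comparing the first random bytes each worker emits) is a quick check that a deployed build is not sharing generator state.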

Vulnerable Product

openssl openssl

Vendor Advisories

Several security issues were fixed in OpenSSL ...
Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in the event of a fork() syscall was not used by ...
Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2437 SP2 security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 2 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rat ...
Synopsis Moderate: openssl security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2437 SP2 security update Type/Severity Security Advisory: Moderate Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat En ...
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46. Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher paddi ...
Impact: Low Public Date: 2019-09-10 CWE: CWE-200 Bugzilla: 1752095: CVE-2019-1549 openssl: information ...
Cosminexus HTTP Server contain the following vulnerabilities: CVE-2019-1547, CVE-2019-1549, CVE-2019-1563 Affected products and versions are listed below Please upgrade your version to the appropriate version This problem occurs only if the SSL function is being used ...
JP1 contain the following vulnerabilities: CVE-2019-1549, CVE-2019-1563 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1563, CVE-2020-1971, CVE-2021-3711, CVE-2021-3712, CVE-2021-23840, CVE-2021-23841, CVE-2022-0778, CVE- ...

ICS Advisories

Hitachi Energy APM Edge
Critical Infrastructure Sectors: Energy