{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-1547", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "dateUpdated": "2024-06-21T19:06:30.909094", "dateReserved": "2018-11-28T00:00:00", "datePublished": "2019-09-10T00:00:00"}, "containers": {"cna": {"title": "ECDSA remote timing attack", "datePublic": "2019-09-10T00:00:00", "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2024-06-21T19:06:30.909094"}, "descriptions": [{"lang": "en", "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"version": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)", "status": "affected"}, {"version": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)", "status": "affected"}, {"version": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)", "status": "affected"}]}], "references": [{"name": "20190912 [slackware-security] openssl (SSA:2019-254-03)", "tags": ["mailing-list"], "url": "https://seclists.org/bugtraq/2019/Sep/25"}, {"name": "openSUSE-SU-2019:2158", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"}, {"name": "FEDORA-2019-d15aac6c4e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"}, {"name": "openSUSE-SU-2019:2189", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"}, {"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"}, {"name": "FEDORA-2019-d51641f152", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"}, {"name": "20191001 [SECURITY] [DSA 4539-1] openssl security update", "tags": ["mailing-list"], "url": "https://seclists.org/bugtraq/2019/Oct/1"}, {"name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update", "tags": ["mailing-list"], "url": "https://seclists.org/bugtraq/2019/Oct/0"}, {"name": "DSA-4539", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2019/dsa-4539"}, {"name": "DSA-4540", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2019/dsa-4540"}, {"name": "openSUSE-SU-2019:2268", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"}, {"name": "openSUSE-SU-2019:2269", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"}, {"name": "GLSA-201911-04", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201911-04"}, {"name": "USN-4376-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4376-1/"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"url": "https://www.tenable.com/security/tns-2019-08"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"url": "https://www.openssl.org/news/secadv/20190910.txt"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46"}, {"url": "https://arxiv.org/abs/1909.01785"}, {"url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"}, {"url": "https://security.netapp.com/advisory/ntap-20190919-0002/"}, {"url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS"}, {"url": "https://www.tenable.com/security/tns-2019-09"}, {"url": "https://security.netapp.com/advisory/ntap-20200122-0002/"}, {"url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"name": "USN-4376-2", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4376-2/"}, {"name": "USN-4504-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4504-1/"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "credits": [{"lang": "en", "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley"}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Timing side channel"}]}]}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DAC8B94-3674-4E4B-9BB0-A16CA0197885", "versionEndIncluding": "1.0.2s", "versionStartIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "65728FC6-4B4F-4D43-872B-BE1133BB2281", "versionEndIncluding": "1.1.0k", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2ACA227-3992-478E-85C3-023D8AF88A08", "versionEndIncluding": "1.1.1c", "versionStartIncluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."}, {"lang": "es", "value": "Normalmente en los grupos EC de OpenSSL siempre tienen un cofactor presente y este es usado en rutas de c\u00f3digo resistentes a canales laterales. Sin embargo, en ciertos casos, es posible construir un grupo usando par\u00e1metros expl\u00edcitos (en lugar de usar una curva nombrada). En esos casos, es posible que dicho grupo no tenga el cofactor presente. Esto puede ocurrir incluso cuando todos los par\u00e1metros coinciden con una curva de nombre conocido. Si es utilizada dicha curva, entonces OpenSSL recurre a rutas de c\u00f3digo resistentes a canales no laterales lo que puede resultar en una recuperaci\u00f3n de clave completa durante una operaci\u00f3n de firma ECDSA. Para que sea vulnerable, un atacante tendr\u00eda que tener la capacidad de cronometrar la creaci\u00f3n de un gran n\u00famero de firmas donde par\u00e1metros expl\u00edcitos sin cofactor presente est\u00e1n en uso mediante una aplicaci\u00f3n que utiliza libcrypto. Para evitar dudas, libssl no es vulnerable porque nunca se utilizan par\u00e1metros expl\u00edcitos. Corregido en OpenSSL versi\u00f3n 1.1.1d (afectada la versi\u00f3n 1.1.1-1.1.1c). Corregido en OpenSSL versi\u00f3n 1.1.0l (afectada la versi\u00f3n 1.1.0-1.1.0k). Corregida en OpenSSL versi\u00f3n 1.0.2t (afectada la versi\u00f3n 1.0.2-1.0.2s)."}], "id": "CVE-2019-1547", "lastModified": "2024-06-21T19:15:15.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-10T17:15:11.750", "references": [{"source": "openssl-security@openssl.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"}, {"source": "openssl-security@openssl.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"}, {"source": "openssl-security@openssl.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"}, {"source": "openssl-security@openssl.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"}, {"source": "openssl-security@openssl.org", "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://arxiv.org/abs/1909.01785"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a"}, {"source": "openssl-security@openssl.org", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}, {"source": "openssl-security@openssl.org", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"}, {"source": "openssl-security@openssl.org", "url": "https://seclists.org/bugtraq/2019/Oct/0"}, {"source": "openssl-security@openssl.org", "url": "https://seclists.org/bugtraq/2019/Oct/1"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/25"}, {"source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/201911-04"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "openssl-security@openssl.org", "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "openssl-security@openssl.org", "url": "https://usn.ubuntu.com/4376-1/"}, {"source": "openssl-security@openssl.org", "url": "https://usn.ubuntu.com/4376-2/"}, {"source": "openssl-security@openssl.org", "url": "https://usn.ubuntu.com/4504-1/"}, {"source": "openssl-security@openssl.org", "url": "https://www.debian.org/security/2019/dsa-4539"}, {"source": "openssl-security@openssl.org", "url": "https://www.debian.org/security/2019/dsa-4540"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20190910.txt"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.tenable.com/security/tns-2019-08"}, {"source": "openssl-security@openssl.org", "url": "https://www.tenable.com/security/tns-2019-09"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}