Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2019-1551

Public on 2019-12-06
Modified on 2024-03-14
Description

An integer overflow was found in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream:

* No EC algorithms are affected.

* Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely.

* Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway.

* Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME

Severity
Medium
See what this means
CVSS v3 Base Score
4.8
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core openssl 2021-07-14 20:39 ALAS2-2021-1687

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Red Hat: CVE-2019-1551 Mitre: CVE-2019-1551 FAQs regarding Amazon Linux ALAS/CVE Severity