fkie_cve-2019-1547
Vulnerability from fkie_nvd
Published
2019-09-10 17:15
Modified
2024-11-21 04:36
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
References
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
openssl-security@openssl.orghttp://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
openssl-security@openssl.orghttps://arxiv.org/abs/1909.01785Third Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
openssl-security@openssl.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10365
openssl-security@openssl.orghttps://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
openssl-security@openssl.orghttps://seclists.org/bugtraq/2019/Oct/0
openssl-security@openssl.orghttps://seclists.org/bugtraq/2019/Oct/1
openssl-security@openssl.orghttps://seclists.org/bugtraq/2019/Sep/25Third Party Advisory
openssl-security@openssl.orghttps://security.gentoo.org/glsa/201911-04
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190919-0002/
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20200122-0002/
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20200416-0003/
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20240621-0006/
openssl-security@openssl.orghttps://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS
openssl-security@openssl.orghttps://usn.ubuntu.com/4376-1/
openssl-security@openssl.orghttps://usn.ubuntu.com/4376-2/
openssl-security@openssl.orghttps://usn.ubuntu.com/4504-1/
openssl-security@openssl.orghttps://www.debian.org/security/2019/dsa-4539
openssl-security@openssl.orghttps://www.debian.org/security/2019/dsa-4540
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20190910.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuapr2020.html
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2020.html
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujul2020.html
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuoct2020.html
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2019-08
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2019-09
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
af854a3a-2127-422b-91ae-364da2661108https://arxiv.org/abs/1909.01785Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10365
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Oct/0
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Oct/1
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Sep/25Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201911-04
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190919-0002/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200122-0002/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200416-0003/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4376-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4376-2/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4504-1/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4539
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4540
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20190910.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-08
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-09
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl *
openssl openssl *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DAC8B94-3674-4E4B-9BB0-A16CA0197885",
                     versionEndIncluding: "1.0.2s",
                     versionStartIncluding: "1.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65728FC6-4B4F-4D43-872B-BE1133BB2281",
                     versionEndIncluding: "1.1.0k",
                     versionStartIncluding: "1.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2ACA227-3992-478E-85C3-023D8AF88A08",
                     versionEndIncluding: "1.1.1c",
                     versionStartIncluding: "1.1.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
      },
      {
         lang: "es",
         value: "Normalmente en los grupos EC de OpenSSL siempre tienen un cofactor presente y este es usado en rutas de código resistentes a canales laterales. Sin embargo, en ciertos casos, es posible construir un grupo usando parámetros explícitos (en lugar de usar una curva nombrada). En esos casos, es posible que dicho grupo no tenga el cofactor presente. Esto puede ocurrir incluso cuando todos los parámetros coinciden con una curva de nombre conocido. Si es utilizada dicha curva, entonces OpenSSL recurre a rutas de código resistentes a canales no laterales lo que puede resultar en una recuperación de clave completa durante una operación de firma ECDSA. Para que sea vulnerable, un atacante tendría que tener la capacidad de cronometrar la creación de un gran número de firmas donde parámetros explícitos sin cofactor presente están en uso mediante una aplicación que utiliza libcrypto. Para evitar dudas, libssl no es vulnerable porque nunca se utilizan parámetros explícitos. Corregido en OpenSSL versión 1.1.1d (afectada la versión 1.1.1-1.1.1c). Corregido en OpenSSL versión 1.1.0l (afectada la versión 1.1.0-1.1.0k). Corregida en OpenSSL versión 1.0.2t (afectada la versión 1.0.2-1.0.2s).",
      },
   ],
   id: "CVE-2019-1547",
   lastModified: "2024-11-21T04:36:48.160",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 1.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-09-10T17:15:11.750",
   references: [
      {
         source: "openssl-security@openssl.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
      },
      {
         source: "openssl-security@openssl.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://arxiv.org/abs/1909.01785",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://seclists.org/bugtraq/2019/Oct/0",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://seclists.org/bugtraq/2019/Oct/1",
      },
      {
         source: "openssl-security@openssl.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Sep/25",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://security.gentoo.org/glsa/201911-04",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://security.netapp.com/advisory/ntap-20190919-0002/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://security.netapp.com/advisory/ntap-20200122-0002/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://security.netapp.com/advisory/ntap-20200416-0003/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://usn.ubuntu.com/4376-1/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://usn.ubuntu.com/4376-2/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://usn.ubuntu.com/4504-1/",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.debian.org/security/2019/dsa-4539",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.debian.org/security/2019/dsa-4540",
      },
      {
         source: "openssl-security@openssl.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.openssl.org/news/secadv/20190910.txt",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.tenable.com/security/tns-2019-08",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.tenable.com/security/tns-2019-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://arxiv.org/abs/1909.01785",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Oct/0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Oct/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Sep/25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201911-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20190919-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20200122-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20200416-0003/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4376-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4376-2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/4504-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4539",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4540",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.openssl.org/news/secadv/20190910.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpuoct2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.tenable.com/security/tns-2019-08",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.tenable.com/security/tns-2019-09",
      },
   ],
   sourceIdentifier: "openssl-security@openssl.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.