CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.7%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

Products affected by CVE-2019-1563

Openssl » Openssl » Version: 1.0.2

cpe:2.3:a:openssl:openssl:1.0.2
Openssl » Openssl » Version: 1.0.2a

cpe:2.3:a:openssl:openssl:1.0.2a
Openssl » Openssl » Version: 1.0.2b

cpe:2.3:a:openssl:openssl:1.0.2b
Openssl » Openssl » Version: 1.0.2c

cpe:2.3:a:openssl:openssl:1.0.2c
Openssl » Openssl » Version: 1.0.2d

cpe:2.3:a:openssl:openssl:1.0.2d
Openssl » Openssl » Version: 1.0.2e

cpe:2.3:a:openssl:openssl:1.0.2e
Openssl » Openssl » Version: 1.0.2f

cpe:2.3:a:openssl:openssl:1.0.2f
Openssl » Openssl » Version: 1.0.2g

cpe:2.3:a:openssl:openssl:1.0.2g
Openssl » Openssl » Version: 1.0.2h

cpe:2.3:a:openssl:openssl:1.0.2h
Openssl » Openssl » Version: 1.0.2i

cpe:2.3:a:openssl:openssl:1.0.2i
Openssl » Openssl » Version: 1.0.2j

cpe:2.3:a:openssl:openssl:1.0.2j
Openssl » Openssl » Version: 1.0.2k

cpe:2.3:a:openssl:openssl:1.0.2k
Openssl » Openssl » Version: 1.0.2l

cpe:2.3:a:openssl:openssl:1.0.2l
Openssl » Openssl » Version: 1.0.2m

cpe:2.3:a:openssl:openssl:1.0.2m
Openssl » Openssl » Version: 1.0.2n

cpe:2.3:a:openssl:openssl:1.0.2n
Openssl » Openssl » Version: 1.0.2o

cpe:2.3:a:openssl:openssl:1.0.2o
Openssl » Openssl » Version: 1.0.2p

cpe:2.3:a:openssl:openssl:1.0.2p
Openssl » Openssl » Version: 1.0.2q

cpe:2.3:a:openssl:openssl:1.0.2q
Openssl » Openssl » Version: 1.0.2r

cpe:2.3:a:openssl:openssl:1.0.2r
Openssl » Openssl » Version: 1.0.2s

cpe:2.3:a:openssl:openssl:1.0.2s
Openssl » Openssl » Version: 1.1.0

cpe:2.3:a:openssl:openssl:1.1.0
Openssl » Openssl » Version: 1.1.0a

cpe:2.3:a:openssl:openssl:1.1.0a
Openssl » Openssl » Version: 1.1.0b

cpe:2.3:a:openssl:openssl:1.1.0b
Openssl » Openssl » Version: 1.1.0c

cpe:2.3:a:openssl:openssl:1.1.0c
Openssl » Openssl » Version: 1.1.0d

cpe:2.3:a:openssl:openssl:1.1.0d
Openssl » Openssl » Version: 1.1.0e

cpe:2.3:a:openssl:openssl:1.1.0e
Openssl » Openssl » Version: 1.1.0f

cpe:2.3:a:openssl:openssl:1.1.0f
Openssl » Openssl » Version: 1.1.0g

cpe:2.3:a:openssl:openssl:1.1.0g
Openssl » Openssl » Version: 1.1.0h

cpe:2.3:a:openssl:openssl:1.1.0h
Openssl » Openssl » Version: 1.1.0i

cpe:2.3:a:openssl:openssl:1.1.0i
Openssl » Openssl » Version: 1.1.0j

cpe:2.3:a:openssl:openssl:1.1.0j
Openssl » Openssl » Version: 1.1.0k

cpe:2.3:a:openssl:openssl:1.1.0k
Openssl » Openssl » Version: 1.1.1

cpe:2.3:a:openssl:openssl:1.1.1
Openssl » Openssl » Version: 1.1.1a

cpe:2.3:a:openssl:openssl:1.1.1a
Openssl » Openssl » Version: 1.1.1b

cpe:2.3:a:openssl:openssl:1.1.1b
Openssl » Openssl » Version: 1.1.1c

cpe:2.3:a:openssl:openssl:1.1.1c

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1563

Products

Pricing

Contact Us