OpenSSL up to 1.0.2s/1.1.0k/1.1.1c EC Group missing encryption

Summaryinfo

A vulnerability described as critical has been identified in OpenSSL up to 1.0.2s/1.1.0k/1.1.1c. Affected by this issue is some unknown functionality of the component EC Group Handler. Executing a manipulation can lead to missing encryption. This vulnerability appears as CVE-2019-1547. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability has been found in OpenSSL up to 1.0.2s/1.1.0k/1.1.1c (Network Encryption Software) and classified as critical. This vulnerability affects an unknown code block of the component EC Group Handler. The manipulation with an unknown input leads to a missing encryption vulnerability. The CWE definition for the vulnerability is CWE-311. The product does not encrypt sensitive or critical information before storage or transmission. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

The weakness was presented 09/10/2019 as confirmed git commit (GIT Repository). The advisory is available at git.openssl.org. This vulnerability was named CVE-2019-1547 since 11/28/2018. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1600 by the MITRE ATT&CK project.

The vulnerability scanner Nessus provides a plugin with the ID 211827 (Oracle Linux 9 : edk2 (ELSA-2024-12842)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 1.0.2t, 1.1.0l or 1.1.1d eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.openssl.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Tenable (211827). See VDB-143770, VDB-149016, VDB-148936 and VDB-148919 for similar entries. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Network Encryption Software

Name

• OpenSSL

Version

• 1.0.2
• 1.0.2a
• 1.0.2b
• 1.0.2c
• 1.0.2d
• 1.0.2e
• 1.0.2f
• 1.0.2g
• 1.0.2h
• 1.0.2i
• 1.0.2j
• 1.0.2k
• 1.0.2l
• 1.0.2m
• 1.0.2n
• 1.0.2o
• 1.0.2p
• 1.0.2q
• 1.0.2r
• 1.0.2s
• 1.1.0
• 1.1.0a
• 1.1.0b
• 1.1.0c
• 1.1.0d
• 1.1.0e
• 1.1.0f
• 1.1.0g
• 1.1.0h
• 1.1.0i
• 1.1.0j
• 1.1.0k
• 1.1.1
• 1.1.1a
• 1.1.1b
• 1.1.1c

License

• open-source

Website

• Product: https://www.openssl.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion