PT-2019-3786 · Openssl+7 · Openssl+7
Bernd Edlinger · Published 2019-09-10 · Updated 2026-04-27
CVE-2019-1563
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.2 through 1.0.2s
OpenSSL versions 1.1.0 through 1.1.0k
OpenSSL versions 1.1.1 through 1.1.1c
Description
The issue is a padding oracle attack in the PKCS7_dataDecode and CMS_decrypt_set1_pkey functions. It allows an attacker to recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key. The attack requires sending a large number of messages to be decrypted. Applications that use a certificate together with the private RSA key to select the correct recipient info to decrypt are not affected.
Recommendations
For OpenSSL versions 1.0.2 through 1.0.2s, update to version 1.0.2t.
For OpenSSL versions 1.1.0 through 1.1.0k, update to version 1.1.0l.
For OpenSSL versions 1.1.1 through 1.1.1c, update to version 1.1.1d.
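A version check for the ranges listed above, as an added example that is not part of the original advisory: it parses an `openssl version` string and reports whether the release falls in an affected range and which release fixes it. The function names and sample strings are constructed for illustration, and the ordering of two-letter suffixes after `z` is an assumption about OpenSSL's letter-release scheme.

```python
import re

# Affected ranges and fixed releases, copied from the advisory text above.
# branch -> (last affected letter suffix, first fixed release)
AFFECTED = {
    "1.0.2": ("s", "1.0.2t"),
    "1.1.0": ("k", "1.1.0l"),
    "1.1.1": ("c", "1.1.1d"),
}

# Matches e.g. "1.0.2s", "1.1.0" or the "1.0.2k" in "1.0.2k-fips".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def suffix_key(suffix):
    """Order letter releases: "" < "a" < ... < "z" < "za" < ... (assumed)."""
    return (len(suffix), suffix)


def check_openssl(version_output):
    """Return (affected, fixed_release) for an `openssl version` string."""
    match = _VERSION_RE.search(version_output)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % version_output)
    branch, suffix = match.groups()
    if branch not in AFFECTED:
        # Branch is not listed in this advisory.
        return (False, None)
    last_affected, fixed = AFFECTED[branch]
    affected = suffix_key(suffix) <= suffix_key(last_affected)
    return (affected, fixed if affected else None)


if __name__ == "__main__":
    # Constructed sample strings, not captured from real hosts.
    samples = [
        "OpenSSL 1.0.2s  28 May 2019",
        "OpenSSL 1.0.2k-fips  26 Jan 2017",
        "OpenSSL 1.1.0",
        "OpenSSL 1.1.1d  10 Sep 2019",
    ]
    for line in samples:
        affected, fixed = check_openssl(line)
        status = "AFFECTED, update to " + fixed if affected else "not affected"
        print("%-36s %s" % (line, status))
```

Distribution packages often backport fixes without changing the upstream version letter, so a positive result on a vendor build should be confirmed against that vendor's own advisory.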
Exploit
Fix
Missing Encryption of Sensitive Data
Use of a Broken Cryptographic Algorithm
Side Channel Attack
Affected products
Alt Linux
Astra Linux
CentOS
IBM AIX
OpenSSL
Red Hat
SUSE
Ubuntu