PT-2019-1694 · Openssl+5
Khaled Sakr · Published 2019-03-06 · Updated 2026-04-30
CVE-2019-1543 · CVSS v3.1 7.4 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.1.1 through 1.1.1b
OpenSSL versions 1.1.0 through 1.1.0j
Description
The issue concerns the ChaCha20-Poly1305 cipher in OpenSSL, which requires a unique nonce for every encryption operation performed under a given key. RFC 7539 specifies a 96-bit (12-byte) nonce. OpenSSL, however, allows a variable nonce length and incorrectly permits a nonce of up to 16 bytes to be set, where only the last 12 bytes are significant and any additional leading bytes are ignored. An application that supplies nonces differing only in those leading bytes therefore reuses the same effective nonce, which can lead to serious confidentiality and integrity attacks. The estimated number of potentially affected devices is not provided.
Recommendations
For OpenSSL versions 1.1.1 through 1.1.1b, update to version 1.1.1c to resolve the issue.
For OpenSSL versions 1.1.0 through 1.1.0j, update to version 1.1.0k to resolve the issue.
As a temporary workaround, consider restricting the use of the ChaCha20-Poly1305 cipher with non-default nonce lengths to minimize the risk of exploitation. Avoid setting a non-default nonce length through the affected API until the issue is resolved.
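The following Python is an added example, not code from this advisory or from OpenSSL. It models the nonce handling described above and shows why it matters, and it also demonstrates the strict 12-byte nonce check that the workaround calls for. The ChaCha20 core is transcribed from RFC 7539 (section 2.3); `effective_nonce_affected` is an assumed model of the pre-fix behaviour as the advisory describes it (leading bytes ignored), not OpenSSL's own function; the key, nonces and messages are constructed sample values.

```python
"""Model of the CVE-2019-1543 nonce handling and a strict 12-byte nonce check.

Added example: the ChaCha20 core is a pure-Python transcription of RFC 7539
section 2.3, not OpenSSL code. effective_nonce_affected is a model of the
behaviour the advisory describes, not an OpenSSL function.
"""
import struct

NONCE_LEN = 12          # RFC 7539 nonce length
MAX_ACCEPTED_LEN = 16   # longest nonce the affected versions accepted (per advisory)


def _rotl32(v, c):
    return ((v << c) & 0xFFFFFFFF) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block (RFC 7539 section 2.3); nonce must be 12 bytes."""
    assert len(key) == 32 and len(nonce) == NONCE_LEN
    state = (list(struct.unpack("<4I", b"expand 32-byte k"))
             + list(struct.unpack("<8I", key))
             + [counter & 0xFFFFFFFF]
             + list(struct.unpack("<3I", nonce)))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column + diagonal)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & 0xFFFFFFFF for x, y in zip(w, state)])


def chacha20_encrypt(key, nonce, plaintext, counter=1):
    """XOR plaintext with the ChaCha20 keystream (block counter starts at 1 as in
    the RFC 7539 AEAD construction, where block 0 derives the Poly1305 key)."""
    out = bytearray()
    for i in range(0, len(plaintext), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(plaintext[i:i + 64], ks))
    return bytes(out)


def effective_nonce_affected(nonce):
    """Assumed model of OpenSSL 1.1.0/1.1.1 before the fix, as the advisory
    describes it: nonces up to 16 bytes are accepted, only the last 12 are used."""
    if not 1 <= len(nonce) <= MAX_ACCEPTED_LEN:
        raise ValueError("nonce length rejected")
    return nonce[-NONCE_LEN:]


def effective_nonce_strict(nonce):
    """Hardened wrapper: refuse anything but the RFC 7539 nonce length."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("ChaCha20-Poly1305 nonce must be exactly 12 bytes")
    return nonce


def demo_nonce_collision():
    """An application that builds 16-byte nonces as a 4-byte counter plus a
    fixed 12-byte tail believes every nonce is unique.  Under the affected
    semantics the counter is ignored, the keystreams coincide, and
    c1 XOR c2 == p1 XOR p2.  Returns (same_effective_nonce, leak, strict_rejects)."""
    key = bytes(range(32))                      # constructed sample key
    tail = bytes(range(12))                     # constructed fixed nonce tail
    n1 = b"\x00\x00\x00\x01" + tail             # "unique" nonce for message 1
    n2 = b"\x00\x00\x00\x02" + tail             # "unique" nonce for message 2
    p1 = b"transfer 100 to account A"           # constructed sample messages
    p2 = b"transfer 900 to account B"
    e1, e2 = effective_nonce_affected(n1), effective_nonce_affected(n2)
    c1 = chacha20_encrypt(key, e1, p1)
    c2 = chacha20_encrypt(key, e2, p2)
    xor_c = bytes(a ^ b for a, b in zip(c1, c2))
    xor_p = bytes(a ^ b for a, b in zip(p1, p2))
    try:
        effective_nonce_strict(n1)              # hardened path refuses the 16-byte nonce
        strict_rejects = False
    except ValueError:
        strict_rejects = True
    return e1 == e2, xor_c == xor_p, strict_rejects


if __name__ == "__main__":
    print(demo_nonce_collision())
```

The strict check is the defender's takeaway: a wrapper that only ever passes 12-byte nonces to the cipher is unaffected whether or not the library underneath has been updated, and the RFC 7539 test vector in `chacha20_block` can be used to confirm that the model itself is computing real ChaCha20 keystream.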
Use of Insufficiently Random Values
Use of a Broken Cryptographic Algorithm
Related Identifiers
Affected Products
Alt Linux
Centos
Openssl
Red Hat
Suse
Virtualbox