PT-2019-3787 · Openssl+5

Matt Caswell · Published 2019-09-10 · Updated 2026-04-27 · CVE-2019-1549

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1 through 1.1.1c

Description: The issue is in OpenSSL's random number generator (RNG). The RNG includes protection against the parent and child processes sharing the same RNG state after a fork() system call, but that protection was not enabled by default. A mitigating factor is that the output of a high-precision timer is mixed into the RNG state, which makes shared state between the two processes unlikely in practice. The problem does not occur if an application explicitly calls OPENSSL_init_crypto() with OPENSSL_INIT_ATFORK.

Recommendations: For OpenSSL versions 1.1.1 through 1.1.1c, update to version 1.1.1d, which resolves the issue. As a temporary workaround, call OPENSSL_init_crypto() with OPENSSL_INIT_ATFORK explicitly in the application so that the fork protection is enabled.
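The following C program is an added example, not OpenSSL's code, that models why the missing default matters: a deterministic generator's state is copied byte for byte by fork(), so without fork awareness the parent and the child draw the same "random" value, while with the check enabled the child reseeds before its first draw. The toy xorshift generator, the pid comparison used to notice the fork, and the function name fork_shares_rng_state are all constructed for illustration; OpenSSL's own mechanism is the atfork handling enabled by calling OPENSSL_init_crypto() with OPENSSL_INIT_ATFORK, and the toy generator is not cryptographic.

```c
/* Added example: a toy model of RNG state duplicated by fork().
 * Not OpenSSL code. The generator is NOT cryptographic, and the pid
 * check is a constructed stand-in for OpenSSL's atfork-based protection. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static uint64_t rng_state = 0x9E3779B97F4A7C15ULL; /* constructed seed */
static pid_t rng_owner_pid = 0;   /* pid that last (re)seeded the state */
static int fork_protection = 0;   /* 0: no fork awareness (the issue), 1: enabled */

/* Mix the calling process id into the state so that a child which inherited
 * the parent's state diverges from it. Stands in for pulling fresh entropy. */
static void rng_reseed_for_pid(pid_t pid) {
    rng_state ^= (uint64_t)pid * 0x9E3779B97F4A7C15ULL;
    if (rng_state == 0)           /* xorshift must never sit at the zero state */
        rng_state = 0x2545F4914F6CDD1DULL;
    rng_owner_pid = pid;
}

/* One output of the toy generator (xorshift64). Deterministic: two
 * processes starting from the same state produce the same value. */
static uint64_t rng_next(void) {
    if (fork_protection && getpid() != rng_owner_pid)
        rng_reseed_for_pid(getpid());   /* running in a child: reseed first */
    uint64_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    rng_state = x;
    return x;
}

/* Fork, draw one value in parent and child, and report whether they match.
 * Returns 1 if the outputs are identical (shared RNG state), 0 if they
 * differ, -1 on a system error. */
int fork_shares_rng_state(int protect) {
    int fds[2];
    uint64_t parent_v, child_v = 0;
    pid_t pid;

    fork_protection = protect;
    rng_owner_pid = getpid();     /* the parent currently owns the state */
    if (pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {               /* child: inherits rng_state byte for byte */
        uint64_t v = rng_next();
        if (write(fds[1], &v, sizeof v) < 0)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    parent_v = rng_next();
    ssize_t n = read(fds[0], &child_v, sizeof child_v);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child_v)
        return -1;
    return parent_v == child_v;
}

int main(void) {
    printf("without fork protection: parent and child share RNG output = %d\n",
           fork_shares_rng_state(0));
    printf("with fork protection:    parent and child share RNG output = %d\n",
           fork_shares_rng_state(1));
    return 0;
}
```

Compile and run it on a POSIX system: the first line reports 1 (identical output in parent and child, the situation the advisory describes) and the second reports 0. In a real application the counterpart of protect=1 is the explicit OPENSSL_init_crypto(OPENSSL_INIT_ATFORK, NULL) call early in startup, before any fork(), on the affected 1.1.1 through 1.1.1c versions; upgrading to 1.1.1d removes the need for it.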

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

ALT-PU-2019-2752
ALT-PU-2019-2771
BDU:2019-04083
CESA-2020_1840
CVE-2019-1549
DSA-4539-1
DSA-4539-2
DSA-4539-3
JLSEC-2026-215
OPENSUSE-SU-2024:11127-1
RHSA-2020:1337
RHSA-2020:1840
RHSA-2020_1840
SUSE-SU-2020:0099-1
USN-4376-1

Affected Products

ALT Linux
CentOS
OpenSSL
Red Hat
SUSE
Ubuntu