{"id":"CVE-2019-1551","details":"There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).","modified":"2026-04-16T01:39:17.758636267Z","published":"2019-12-06T18:15:12.840Z","related":["SUSE-FU-2022:0445-1","SUSE-SU-2020:0002-1","SUSE-SU-2020:0028-1","SUSE-SU-2020:0064-1","SUSE-SU-2020:0069-1","SUSE-SU-2020:0099-1","SUSE-SU-2020:0474-1","openSUSE-SU-2020:0062-1","openSUSE-SU-2024:10660-1","openSUSE-SU-2024:11126-1","openSUSE-SU-2024:11127-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"12.4.0.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.0.12"},{"introduced":"8.0.0"},{"last_affected":"8.0.20"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.56"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.57"}]},{"cpe":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.58"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*","extracted_events":[{"fixed":"6.0.9"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"16.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"18.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"19.10"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}]},{"cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"30"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"31"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"32"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.1"}]}]},"references":[{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Dec/39"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Dec/46"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202004-10"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20191210-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4376-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4504-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4594"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4855"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20191206.txt"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2019-09"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2020-03"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2020-11"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2021-10"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.0.2"},{"last_affected":"1.0.2t"},{"introduced":"1.1.1"},{"last_affected":"1.1.1d"}]}}],"versions":["OpenSSL_1_0_2u","OpenSSL_1_1_1w"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1551.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}