Internet Bug Bounty: CVE-2019-1551: rsaz_512_sqr overflow bug on x86_64

The CVE-2019-1551 vulnerability was an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli in the OpenSSL library. The vulnerability was found and reported by researchers. The issue was mitigated in the 1.1.1 and 1.0.2 versions of OpenSSL...

Debian DLA-2952-1 : openssl - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2952 advisory. - There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests...

BN_mod_exp may produce incorrect results on MIPS

...

FreeBSD : OpenSSL -- BN_mod_exp incorrect results on MIPS (1aaaa5c6-804d-11ec-8be6-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1aaaa5c6-804d-11ec-8be6-d4c9ef517024 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are...

CVE-2021-4160 BN_mod_exp may produce incorrect results on MIPS

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

OpenSSL Information Disclosure Vulnerability (20191206) - Windows

OpenSSL is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Oracle Linux 8 : openssl (ELSA-2020-4514)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4514 advisory. 1.1.1g-11 - Further changes for SP 800-56A rev3 requirements 1.1.1g-9 - Rewire FIPSdrbg API to use the RANDDRBG - Use the well known DH groups in TLS even for...

Juniper Junos OpenSSL Security Advisory (JSA11025)

According to its self-reported version, the remote Juniper Junos device is affected by a vulnerability in the OpenSSL library. There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that...

EulerOS 2.0 SP2 : openssl (EulerOS-SA-2020-1625)

According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected...

EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1538)

According to the version of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC...

EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1444)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1021)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenSSL 1.0.2 < 1.0.2u Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2u. It is, therefore, affected by a vulnerability as referenced in the 1.0.2u advisory. - There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...

Updated openssl packages fix security vulnerability

Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2020-1021)

According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow was found in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC...

FreeBSD : OpenSSL -- Overflow vulnerability (d778ddb0-2338-11ea-a1c7-b499baebfeaf)

The OpenSSL project reports : rsaz512sqr overflow bug on x8664 CVE-2019-1551 Low There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536,...

CVE-2019-1551

An integer overflow was found in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC algorithms are affected. Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

CVE-2019-1551

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

Buffer overflow

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...