OpenSSL CVE-2019-1547 Information Disclosure Vulnerability

Description

OpenSSL is prone to a information-disclosure vulnerability. Successfully exploiting this issue allows local attackers to recover the key during an ECDSA signature operation. Information harvested may aid in further attacks.

Technologies Affected

• OpenSSL Project OpenSSL 1.0.2
• OpenSSL Project OpenSSL 1.0.2a
• OpenSSL Project OpenSSL 1.0.2b
• OpenSSL Project OpenSSL 1.0.2c
• OpenSSL Project OpenSSL 1.0.2d
• OpenSSL Project OpenSSL 1.0.2e
• OpenSSL Project OpenSSL 1.0.2f
• OpenSSL Project OpenSSL 1.0.2g
• OpenSSL Project OpenSSL 1.0.2h
• OpenSSL Project OpenSSL 1.0.2i
• OpenSSL Project OpenSSL 1.0.2j
• OpenSSL Project OpenSSL 1.0.2k
• OpenSSL Project OpenSSL 1.0.2l
• OpenSSL Project OpenSSL 1.0.2m
• OpenSSL Project OpenSSL 1.0.2n
• OpenSSL Project OpenSSL 1.0.2o
• OpenSSL Project OpenSSL 1.0.2p
• OpenSSL Project OpenSSL 1.0.2q
• OpenSSL Project OpenSSL 1.0.2r
• OpenSSL Project OpenSSL 1.0.2s
• OpenSSL Project OpenSSL 1.1.0
• OpenSSL Project OpenSSL 1.1.0a
• OpenSSL Project OpenSSL 1.1.0b
• OpenSSL Project OpenSSL 1.1.0c
• OpenSSL Project OpenSSL 1.1.0d
• OpenSSL Project OpenSSL 1.1.0e
• OpenSSL Project OpenSSL 1.1.0f
• OpenSSL Project OpenSSL 1.1.0g
• OpenSSL Project OpenSSL 1.1.0h
• OpenSSL Project OpenSSL 1.1.0i
• OpenSSL Project OpenSSL 1.1.0j
• OpenSSL Project OpenSSL 1.1.0k
• OpenSSL Project OpenSSL 1.1.1
• OpenSSL Project OpenSSL 1.1.1B
• OpenSSL Project OpenSSL 1.1.1a
• OpenSSL Project OpenSSL 1.1.1c
• Oracle VM VirtualBox 5.0
• Oracle VM VirtualBox 5.0.10
• Oracle VM VirtualBox 5.0.11
• Oracle VM VirtualBox 5.0.12
• Oracle VM VirtualBox 5.0.13
• Oracle VM VirtualBox 5.0.14
• Oracle VM VirtualBox 5.0.16
• Oracle VM VirtualBox 5.0.18
• Oracle VM VirtualBox 5.0.22
• Oracle VM VirtualBox 5.0.26
• Oracle VM VirtualBox 5.0.28
• Oracle VM VirtualBox 5.0.32
• Oracle VM VirtualBox 5.0.34
• Oracle VM VirtualBox 5.0.38
• Oracle VM VirtualBox 5.0.8
• Oracle VM VirtualBox 5.0.9
• Oracle VM VirtualBox 5.1.10
• Oracle VM VirtualBox 5.1.14
• Oracle VM VirtualBox 5.1.16
• Oracle VM VirtualBox 5.1.20
• Oracle VM VirtualBox 5.1.24
• Oracle VM VirtualBox 5.1.30
• Oracle VM VirtualBox 5.1.32
• Oracle VM VirtualBox 5.1.36
• Oracle VM VirtualBox 5.1.8
• Oracle VM VirtualBox 5.2.0
• Oracle VM VirtualBox 5.2.10
• Oracle VM VirtualBox 5.2.16
• Oracle VM VirtualBox 5.2.18
• Oracle VM VirtualBox 5.2.2
• Oracle VM VirtualBox 5.2.20
• Oracle VM VirtualBox 5.2.22
• Oracle VM VirtualBox 5.2.24
• Oracle VM VirtualBox 5.2.25
• Oracle VM VirtualBox 5.2.26
• Oracle VM VirtualBox 5.2.28
• Oracle VM VirtualBox 5.2.32
• Oracle VM VirtualBox 5.2.4
• Oracle VM VirtualBox 6.0.0
• Oracle VM VirtualBox 6.0.10
• Oracle VM VirtualBox 6.0.2
• Oracle VM VirtualBox 6.0.4
• Oracle VM VirtualBox 6.0.6

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.

Updates are available. Please see the references or vendor advisory for more information.