Endpoint Vulnerability

Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey


Severity: LowIn situations where an attacker receives automated notification of the successor failure of a decryption attempt an attacker, after sending a very largenumber of messages to be decrypted, can recover a CMS/PKCS7 transportedencryption key or decrypt any RSA encrypted message that was encrypted with thepublic RSA key, using a Bleichenbacher padding oracle attack. Applications arenot affected if they use a certificate together with the private RSA key to theCMS_decrypt or PKCS7_decrypt functions to select the correct recipient info todecrypt.OpenSSL 1.1.1 users should upgrade to 1.1.1dOpenSSL 1.1.0 users should upgrade to 1.1.0lOpenSSL 1.0.2 users should upgrade to 1.0.2tThis issue was reported by and the fix developed by Bernd Edlinger. It wasreported to OpenSSL on 21st August 2019.NoteOpenSSL 1.0.2 is currently only receiving security updates. Support for 1.0.2will end on 31st December 2019.Support for 1.1.0 ends on 11th September 2019 so 1.1.0l is expected to be thelast 1.1.0 release.Users of these versions should upgrade to OpenSSL 1.1.1.ReferencesURL for this Security Advisory:https://www.openssl.org/news/secadv/20190910.txtNote: the online version of the advisory may be updated with additional detailsover time.For details of OpenSSL severity classifications please see:https://www.openssl.org/policies/secpolicy.html

Affected Products