CVE-2019-1559

CVSS V2 Medium 4.3 CVSS V3 Medium 5.9
Description
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Overview
  • CVE ID
  • CVE-2019-1559
  • Assigner
  • openssl-security@openssl.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2019-02-27T23:29:00
  • Last Modified Date
  • 2022-08-19T11:14:33
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 1 OR 1.0.2 1.0.2r
AND
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* 1 OR 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* 1 OR 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* 1 OR
cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:* 1 OR
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:* 1 OR
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:* 1 OR
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:* 1 OR 9.0.0 9.0.4
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* 1 OR 12.1.0 12.1.5
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* 1 OR 13.0.0 13.1.3
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.1.2
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* 1 OR 15.0.0 15.1.0
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* 1 OR 6.0.0 6.1.0
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* 1 OR 7.0.0 7.1.0
cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:* 1 OR 5.0.0 5.1.0
cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* 1 OR 8.2.3
AND
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:* 1 OR 5.6.0 5.6.4
cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:* 1 OR 4.0.0 6.0.0
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:* 1 OR 2.0.0 3.0.0
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* 1 OR 7.0.0 9.0.0
AND
cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* 1 OR
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* 1 OR 5.6.0 5.6.43
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* 1 OR 5.7.0 5.7.25
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* 1 OR 8.0.0 8.0.15
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* 1 OR 4.0.8
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* 1 OR 8.0.0 8.0.14
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* 1 OR 8.0.16
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 1 OR 7.1.0 7.1.15
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 1 OR 8.0.0 8.0.20
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 1 OR 8.1.0 8.1.8
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* 1 OR 9.0.0 9.0.2
AND
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* 1 OR 6.0.0 6.8.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* 1 OR 6.9.0 6.17.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* 1 OR 8.0.0 8.8.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* 1 OR 8.9.0 8.15.1
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 5.9
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.2
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://www.openssl.org/news/secadv/20190226.txt Vendor Advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Patch Third Party Advisory
https://usn.ubuntu.com/3899-1/ Third Party Advisory
http://www.securityfocus.com/bid/107174 Third Party Advisory VDB Entry
https://www.debian.org/security/2019/dsa-4400 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190301-0002/ Broken Link Third Party Advisory
https://security.netapp.com/advisory/ntap-20190301-0001/ Patch Third Party Advisory
https://security.gentoo.org/glsa/201903-10 Third Party Advisory
https://support.f5.com/csp/article/K18549143 Third Party Advisory
https://www.tenable.com/security/tns-2019-02 Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190423-0002/ Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch Third Party Advisory
https://www.tenable.com/security/tns-2019-03 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10282 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html Mailing List Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2304 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2437 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2439 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2471 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ Mailing List Third Party Advisory
https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3929 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3931 Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory
https://usn.ubuntu.com/4376-2/ Broken Link
https://www.oracle.com/security-alerts/cpujan2021.html Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-04-04 00:42:22 Added to TrackCVE
2022-12-03 17:43:11 2019-02-27T23:29Z 2019-02-27T23:29:00 CVE Published Date updated
2022-12-03 17:43:11 2022-08-19T11:14:33 CVE Modified Date updated
2022-12-03 17:43:11 Analyzed Vulnerability Status updated