CVE-2019-1543

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2019-1543
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2019-03-06 21:29:00 UTC
Updated2023-11-07 03:08:00 UTC
DescriptionChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).

Risk And Classification

Problem Types: CWE-327 | CWE-330

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Openssl Openssl All All All All
Application Openssl Openssl All All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 30 Update: compat-openssl10-1.0.2o-7.fc30 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 30 Update: compat-openssl10-1.0.2o-7.fc30 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 29 Update: compat-openssl10-1.0.2o-7.fc29 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Bugtraq: [SECURITY] [DSA 4475-1] openssl security update BUGTRAQ seclists.org
[security-announce] openSUSE-SU-2019:1814-1: important: Security update SUSE lists.opensuse.org
git.openssl.org Git - openssl.git/commitdiff CONFIRM git.openssl.org Mailing List, Patch, Vendor Advisory
Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-15719, CVE-2019-1543, CVE-2019-1547, CVE-2019-1552, CVE-2019-1563, CVE-2019-8457, CVE-2018-20506, CVE-2018-20346, CVE-2019-16168, CVE-2017-12627) CONFIRM kc.mcafee.com
git.openssl.org Git - openssl.git/commitdiff git.openssl.org
[SECURITY] Fedora 29 Update: compat-openssl10-1.0.2o-7.fc29 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
git.openssl.org Git - openssl.git/commitdiff git.openssl.org
Oracle Critical Patch Update - July 2019 MISC www.oracle.com
Debian -- Security Information -- DSA-4475-1 openssl DEBIAN www.debian.org
Oracle Critical Patch Update - October 2019 MISC www.oracle.com
git.openssl.org Git - openssl.git/commitdiff CONFIRM git.openssl.org Mailing List, Patch, Vendor Advisory
Oracle Critical Patch Update Advisory - April 2020 N/A www.oracle.com
Red Hat Customer Portal REDHAT access.redhat.com
www.openssl.org/news/secadv/20190306.txt CONFIRM www.openssl.org Vendor Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Joran Dirk Greef of Ronomon

Legacy QID Mappings

  • 500182 Alpine Linux Security Update for file
  • 500492 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500560 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500759 Alpine Linux Security Update for openssl
  • 501159 Alpine Linux Security Update for openssl
  • 501978 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502897 Alpine Linux Security Update for openssl1.1-compat
  • 503921 Alpine Linux Security Update for file
  • 504251 Alpine Linux Security Update for openssl
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report