How severe is CVE-2019-1551?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-1551?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2019-1551 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

Related Vulnerabilities

CVE-2017-17288

MEDIUM

CVSS:5.3(Medium)

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R...

CWE-1902017

CVE-2018-10751

MEDIUM

CVSS:5.3(Medium)

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memo...

CWE-1902018

CVE-2018-16881

MEDIUM

CVSS:5.3(Medium)

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions befor...

CWE-1902018

CVE-2019-11048

MEDIUM

CVSS:5.3(Medium)

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocat...

CWE-1902019

CVE-2020-12826

MEDIUM

CVSS:5.3(Medium)

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a ...

CWE-1902020

CVE-2020-14155

MEDIUM

CVSS:5.3(Medium)

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

CWE-1902020