CVE-2019-1543 — Use of a Broken or Risky Cryptographic Algorithm in Openssl

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-330 — Use of Insufficiently Random Values CWE-323 — Reusing a Nonce, Key Pair in Encryption CWE-1240 — Use of a Cryptographic Primitive with a Risky Implementation13 documents9 sources

Severity

7.4HIGHNVD

EPSS

3.8%

top 11.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedMar 6

Latest updateMay 13

Description

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that …

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages4 packages

▶debiandebian/openssl< openssl 1.1.1c-1 (bookworm)

▶Debianopenssl/openssl< 1.1.1c-1+3

▶NVDopenssl/openssl1.1.0 — 1.1.0j+1

▶CVEListV5openssl/opensslFixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j), Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b)+1

🔴Vulnerability Details

GHSA

GHSA-qpgr-gj53-5m6w: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation↗2022-05-13

▶

OSV

CVE-2019-1543: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation↗2019-03-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Discovery Framework (OpenSSL) — CVE-2019-1543↗2020-04-15

▶

Red Hat

openssl: ChaCha20-Poly1305 with long nonces↗2019-03-06

▶

Debian

CVE-2019-1543: openssl - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every...↗2019

▶

📐Framework References

CWE

Use of a Cryptographic Primitive with a Risky Implementation↗

▶

💬Community

HackerOne

ChaCha20-Poly1305 with long nonces↗2019-09-30

▶

Bugzilla

CVE-2019-1543 mingw-openssl: openssl: ChaCha20-Poly1305 with long nonces [epel-7]↗2019-04-03

▶

Bugzilla

CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces [fedora-all]↗2019-04-03

▶

Bugzilla

CVE-2019-1543 compat-openssl10: openssl: ChaCha20-Poly1305 with long nonces [fedora-all]↗2019-04-03

▶

Bugzilla

CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces↗2019-04-03

▶