CVE-2019-1552 — Improper Certificate Validation in OpenSSL
CWE-295 — Improper Certificate Validation; CWE-427 — Uncontrolled Search Path Element
17 documents, 10 sources
Severity
3.3 LOW (NVD)
EPSS
0.1%
top 67.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 30
Latest update: Nov 7
Description
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OP…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (Exploitability: 1.8 | Impact: 1.4)
Affected Packages (4 packages)
CVEListV5: openssl/openssl. Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s), Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k), Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c), +2 more
Vulnerability Details (1)
GHSA: GHSA-f22q-2wx9-9qgh: OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS (2022-05-24)
Vendor Advisories (4)
Palo Alto
Debian: CVE-2019-1552: openssl - OpenSSL has internal defaults for a directory tree where it can find a configura... (2019)
Framework References (1)
Research Papers (1)
arXiv: One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware (2022-12-29)