VDB

GCVE-VVD-MAGEIA-2019-106

GCVE-VVD-MAGEIA-2019-106
Advisory Published
Vulnetix · Advisory published August 31, 2019
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data (CVE-2019-1559).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiastrace0 (affected), 5.2-1.mga7 (unaffected)
Mageiaopenssl0 (affected), 1.0.2r-1.mga6 (unaffected), 0 (affected), 1.0.2r-1.mga6 (unaffected)

References

Updated openssl packages fix security vulnerability
advisory
Updated openssl packages fix security vulnerability
issue
Updated openssl packages fix security vulnerability
issue
Updated strace packages adds support for kernel 5.2 series
advisory
Updated strace packages adds support for kernel 5.2 series
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›