In situations where an attacker receives automated notification of the success or failure of a decryption attempt, the attacker can, after sending a very large number of messages to be decrypted, recover a CMS/PKCS7 transported encryption key or decrypt any RSA-encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they pass a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
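A version check for the affected ranges stated above, as an added example (not OpenSSL's or this page's own code). It assumes an upstream version string such as the output of `openssl version`; distribution packages backport fixes without changing the upstream letter, so a package version has to be checked against the distribution's own notice instead. The function names and sample strings are constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the advisory text:
# branch -> (first affected suffix, last affected suffix, fixed release)
AFFECTED = {
    "1.1.1": ("", "c", "1.1.1d"),
    "1.1.0": ("", "k", "1.1.0l"),
    "1.0.2": ("", "s", "1.0.2t"),
}

_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Return (branch, letter_suffix) from e.g. 'OpenSSL 1.1.1c  28 May 2019'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL-style version found in %r" % text)
    return match.group(1), match.group(2)


def suffix_key(suffix):
    """Order letter releases: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(suffix), suffix)


def check(text):
    """Return (status, fixed_release); status is affected, fixed or unlisted."""
    branch, suffix = parse_version(text)
    if branch not in AFFECTED:
        # The advisory says nothing about this branch, so do not guess.
        return ("unlisted", None)
    first, last, fixed = AFFECTED[branch]
    if suffix_key(first) <= suffix_key(suffix) <= suffix_key(last):
        return ("affected", fixed)
    return ("fixed", fixed)


if __name__ == "__main__":
    # Constructed sample inputs in the format printed by `openssl version`.
    samples = [
        "OpenSSL 1.1.1c  28 May 2019",
        "OpenSSL 1.1.0l  10 Sep 2019",
        "OpenSSL 1.0.2s  28 May 2019",
    ]
    for line in samples:
        print(line, "->", check(line))
```

A result of `unlisted` means the advisory text gives no range for that branch; it is not a statement that the build is safe.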
Exploitability: AV:N, AC:H, PR:N, UI:N
Scope: S:U
Impact: C:L, I:N, A:N
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N