CVE-2019-19962

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19962

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19962.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19962

Downstream

DEBIAN-CVE-2019-19962

UBUNTU-CVE-2019-19962

Published

2019-12-25T00:15:10.837Z

Modified

2025-11-20T11:01:28.169180Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.

References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type: GIT
Repo: https://github.com/wolfssl/wolfssl
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

23878512c65834d12811b1107d19a001478eca5d

Fixed

3f13b49fa318fbd3216d7da36d942e7c276d3413

Affected versions

Other

WCv4-rng-stable

WCv4-stable

list

wolfRand-RC2

WCv4.*

WCv4.0-RC5

WCv4.0-RC6

WCv4.0-RC8

WCv4.0-RC9

v0.*

v0.5

v1.*

v1.8.8.0

v1.9.0

v2.*

v2.0.2

v2.0.3

v2.0.6

v2.0.8

v2.0rc1

v2.0rc2

v2.0rc2b

v2.0rc3

v2.1.1

v2.1.2

v2.1.4

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.4.0

v2.4.2

v2.4.6

v2.4.7

v2.5.0

v2.5.2

v2.5.2b

v2.6.0

v2.6.2

v2.7.0

v2.7.2

v2.8.0

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.5a

v2.8.6

v2.9.0

v2.9.1

v2.9.2

v2.9.4

v3.*

v3.0.0

v3.0.2

v3.1.0

v3.10.0-stable

v3.10.0a

v3.10.2-stable

v3.10.3

v3.10.4

v3.11.0-stable

v3.11.1-tls13-beta

v3.12.0-stable

v3.12.2-stable

v3.13.0-stable

v3.13.2

v3.13.3

v3.14.0-stable

v3.14.0a

v3.14.0b

v3.14.2

v3.14.4

v3.14.5

v3.15.0-stable

v3.15.3-stable

v3.15.5-stable

v3.15.5a

v3.15.6

v3.15.7-stable

v3.15.8

v3.2.0

v3.2.4

v3.2.6

v3.3.0

v3.3.3

v3.4.0

v3.4.2

v3.4.6

v3.4.8

v3.6.0

v3.6.0b

v3.6.2

v3.6.6

v3.6.8

v3.6.9

v3.6.9b

v3.6.9c

v3.6.9d

v3.69.d

v3.7.0

v3.7.1

v3.7.3

v3.8.0

v3.9.0

v3.9.1

v3.9.10-stable

v3.9.10b

v3.9.6

v3.9.6w

v3.9.8

v4.*

v4.0.0-stable

v4.1.0-stable

v4.2.0-stable

v4.2.0c

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/wolfssl/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d",
        "deprecated": false,
        "target": {
            "file": "wolfcrypt/src/signature.c",
            "function": "wc_SignatureGenerate"
        },
        "id": "CVE-2019-19962-cb157592",
        "digest": {
            "function_hash": "280898526316883553796056131544822533631",
            "length": 1498.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/wolfssl/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d",
        "deprecated": false,
        "target": {
            "file": "wolfssl/wolfcrypt/signature.h"
        },
        "id": "CVE-2019-19962-d0418dcd",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183367531506453828284431957714265796015",
                "271727920447747985602935363666729442300",
                "34178006291805681364937247187268621194",
                "340070323416878982152651177810941381459",
                "188995703146070082731579765576360226735",
                "310917005651176049786524605881406992440",
                "186857375698041729311043402017510064986",
                "235113494579492487338458246341156289228",
                "151410232500645864130398883313760298884",
                "713984314885704256716525077298191989"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/wolfssl/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d",
        "deprecated": false,
        "target": {
            "file": "wolfcrypt/src/signature.c",
            "function": "wc_SignatureGenerateHash"
        },
        "id": "CVE-2019-19962-defd775c",
        "digest": {
            "function_hash": "174358811701169574470443216876701897213",
            "length": 1574.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/wolfssl/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d",
        "deprecated": false,
        "target": {
            "file": "wolfcrypt/src/signature.c"
        },
        "id": "CVE-2019-19962-e04c9ee8",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "47688785896623568419890783518549967432",
                "35520306330409795435397136097059283129",
                "37559554382899629595729250643348733372",
                "43326292487791229774476501769669468623",
                "13777234730378247670422650177782737029",
                "296599009438651474580404452929488205716",
                "5707132540592112121849258836230133498",
                "71189508136670216034639939856853736655",
                "129506018324396444813167887759095444349",
                "37559554382899629595729250643348733372",
                "162643340043010986344605972215757630769",
                "332914235055617855737065860458990384820",
                "304629791392230374913539484445356968870",
                "264216294140627362848053985132971342033"
            ]
        },
        "signature_type": "Line"
    }
]