CVE-2019-1551— rsaz_512_sqr overflow bug on x86_64

EPSS 2.42% · P85 Updated Feb 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1551

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

rsaz_512_sqr overflow bug on x86_64

Source: NVD (National Vulnerability Database)

Vulnerability Description

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSL 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSL是Openssl团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.1.1版本至1.1.1d版本和1.0.2版本至1.0.2t版本中存在输入验证错误漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
OpenSSL	OpenSSL	Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d)	-

II. Public POCs for CVE-2019-1551

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-1551

请登录查看更多情报信息。

https://www.tenable.com/security/tns-2019-09x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20191206.txtx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-10x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8fx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2020-03x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98x_refsource_CONFIRM
http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2020-11x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4594vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2021/dsa-4855vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/4376-1/vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4504-1/vendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/202004-10vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.htmlvendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/vendor-advisoryx_refsource_FEDORA
https://seclists.org/bugtraq/2019/Dec/39mailing-listx_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2019-1551

IV. Related Vulnerabilities

Same product: OpenSSL

Same vendor: OpenSSL

V. Comments for CVE-2019-1551

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-1551— rsaz_512_sqr overflow bug on x86_64

I. Basic Information for CVE-2019-1551

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-1551

III. Intelligence Information for CVE-2019-1551

IV. Related Vulnerabilities

V. Comments for CVE-2019-1551

Leave a comment