Doubts in the fix of CVE-2019-1559
matt at openssl.org
Thu Sep 19 08:13:46 UTC 2019
On 19/09/2019 07:47, Manish Patidar wrote:
> This vulnerability is fixed based on pid of process. Currently we are geting pid
> only where pthread is enabled, does it mean that this vulnerability does not
> impact to other environment like Windows etc.?
CVE-2019-1559 has nothing to do with pids. It is a padding oracle that can occur
if 0 byte records are received.
Perhaps you meant CVE-2019-1549? This is related to how we reseed the random
number generator in the event of a "fork". Since windows lacks the capability to
do fork it is not a problem on that platform.
More information about the openssl-users