Doubts in the fix of CVE-2019-1559

Matt Caswell matt at
Thu Sep 19 08:13:46 UTC 2019

On 19/09/2019 07:47, Manish Patidar wrote:
> Hi
> This vulnerability is fixed based on pid of process. Currently we are geting pid
> only  where pthread is enabled,  does it mean that this vulnerability does not
> impact to other environment like Windows etc.? 

CVE-2019-1559 has nothing to do with pids. It is a padding oracle that can occur
if 0 byte records are received.

Perhaps you meant CVE-2019-1549? This is related to how we reseed the random
number generator in the event of a "fork". Since windows lacks the capability to
do fork it is not a problem on that platform.


More information about the openssl-users mailing list