Doubts in the fix of CVE-2019-1559

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Doubts in the fix of CVE-2019-1559

Manish Patidar
Hi
This vulnerability is fixed based on pid of process. Currently we are geting pid only  where pthread is enabled,  does it mean that this vulnerability does not impact to other environment like Windows etc.? 

Regards 
Manish 
Reply | Threaded
Open this post in threaded view
|

Re: Doubts in the fix of CVE-2019-1559

Matt Caswell-2


On 19/09/2019 07:47, Manish Patidar wrote:
> Hi
> This vulnerability is fixed based on pid of process. Currently we are geting pid
> only  where pthread is enabled,  does it mean that this vulnerability does not
> impact to other environment like Windows etc.?

CVE-2019-1559 has nothing to do with pids. It is a padding oracle that can occur
if 0 byte records are received.

Perhaps you meant CVE-2019-1549? This is related to how we reseed the random
number generator in the event of a "fork". Since windows lacks the capability to
do fork it is not a problem on that platform.

Matt