Back to search
CVE-2010-1633
Published: Jun 3, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2010-1313
vdb-entry
x_refsource_VUPEN
40024
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
x_refsource_CONFIRM
57353
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=598732
x_refsource_CONFIRM
40503
vdb-entry
x_refsource_BID
http://cvs.openssl.org/chngview?cn=19693
x_refsource_CONFIRM
http://www.openssl.org/news/secadv_20100601.txt
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now