Description

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-1633

Related Vulnerabilities

WordPress Plugin Events Made Easy Cross-Site Scripting (2.2.23)

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18573)

Oracle Database Server CVE-2010-0911 Vulnerability (CVE-2010-0911)

MediaWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1055)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4440)

Severity

Medium

Classification

CVE-2010-1633 CWE-264

Tags

Missing Update Known Vulnerabilities