CVE-2010-1633

CVE-2010-1633 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

Learn more about our Web Application Penetration Testing UK.