Description

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-1633

Related Vulnerabilities

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.3.12)

WordPress Plugin Erident Custom Login and Dashboard Cross-Site Scripting (3.5.8)

WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)

MySQL CVE-2012-0117 Vulnerability (CVE-2012-0117)

WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5)

Severity

Medium

Classification

CVE-2010-1633 CWE-264

Tags

Missing Update Known Vulnerabilities