Description

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-1633

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1134)

Squid NULL Pointer Dereference Vulnerability (CVE-2018-1172)

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

WordPress Plugin WP Easy Post Types Cross-Site Scripting (1.4.3)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4791)

Severity

Medium

Classification

CVE-2010-1633 CWE-264

Tags

Missing Update Known Vulnerabilities