Red Hat Customer Portal

Skip to main content

CVE-2010-1633

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

Details Source

Mitre

Statement

Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Public Date

2010-06-01 00:00:00

Bugzilla

CVE-2010-1633 openssl: information leak due to invalid Return value check

Bugzilla ID

598 732

CVSS Status

draft

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 openssl Not affected