Red Hat Customer Portal

Skip to main content


RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

Details Source



Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Public Date

2010-06-01 00:00:00


CVE-2010-1633 openssl: information leak due to invalid Return value check

Bugzilla ID

598 732

CVSS Status


Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 openssl Not affected