Lucene search

K
cve[email protected]CVE-2010-1633
HistoryJun 03, 2010 - 2:30 p.m.

CVE-2010-1633

2010-06-0314:30:00
CWE-264
web.nvd.nist.gov
36
cve-2010-1633
openssl
rsa verification
evp_pkey_verify_recover
vulnerability
security
nvd

9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
openssl:opensslopenssleq1.0.0

9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%