Lucene search
K

5 matches found

seebug.org
seebug.org
added 2010/06/04 12:0 a.m.56 views

OpenSSL EVP_PKEY_verify_recover()无效返回值绕过密钥验证漏洞

BUGTRAQ ID: 40503 CVE ID: CVE-2010-1633 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 当验证恢复进程失败的情况下所返回的是未初始化的缓冲区而不是出错代码,使用EVPPKEYverifyrecover函数的应用可以利用这个情况绕过密钥验证获得非授权访问。 OpenSSL 1.0.0 厂商补丁: OpenSSL Project --------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.4CVSS8.6AI score0.02392EPSS
Exploits2
Prion
Prion
added 2010/06/03 2:30 p.m.23 views

Information disclosure

RSA verification recovery in the EVPPKEYverifyrecover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive...

6.4CVSS6.5AI score0.02392EPSS
Exploits2References9Affected Software1
UbuntuCve
UbuntuCve
added 2010/06/03 2:30 p.m.30 views

CVE-2010-1633

RSA verification recovery in the EVPPKEYverifyrecover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive...

6.4CVSS6.9AI score0.02392EPSS
Exploits2References2
Cvelist
Cvelist
added 2010/06/03 2:0 p.m.31 views

CVE-2010-1633

RSA verification recovery in the EVPPKEYverifyrecover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive...

7.3AI score0.02392EPSS
Exploits2References9
CVE
CVE
added 2010/06/03 2:0 p.m.85 views

CVE-2010-1633

OpenSSL CVE-2010-1633: RSA verification recovery in EVP_PKEY_verify_recover in OpenSSL 1.x before 1.0.0a returns uninitialized memory on failure, potentially allowing context-dependent attackers to bypass key requirements or glean information via unspecified vectors (noted as used by pkeyutl and ...

6.4CVSS8.2AI score0.02392EPSS
Exploits2References9Affected Software1
Rows per page
Query Builder