CVE-2010-1633

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.0a OpenSSL versions prior to 1.0.0e

Description The issue is related to the EVP PKEY verify recover function in OpenSSL, which returns uninitialized memory upon failure. This could allow context-dependent attackers to bypass intended key requirements or obtain sensitive information. The vulnerability might be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 1.0.0a, update to version 1.0.0a or later. For versions prior to 1.0.0e, update to version 1.0.0e or later. As a temporary workaround, consider restricting access to the EVP PKEY verify recover function until a patch is available.