OpenSSL Permissions Privileges and Access Controls Vulnerability - CVE-2010-1633

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a as used by pkeyutl and possibly other applications returns uninitialized memory upon failure which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.