Description
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Made Easy Cross-Site Scripting (2.2.23)
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18573)
Oracle Database Server CVE-2010-0911 Vulnerability (CVE-2010-0911)
MediaWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1055)