Description
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third-party information.
Remediation
References