Description
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Global Content Blocks Cross-Site Request Forgery (2.1.5)
Oracle JRE CVE-2013-2452 Vulnerability (CVE-2013-2452)
WordPress Plugin WP Edit Unspecified Vulnerability (3.0)
PHP Resource Management Errors Vulnerability (CVE-2012-0830)
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-8942)