Description
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
Remediation
References