RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third-party information.

| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | QCN9074 |
| n/a | n/a | < 471f59b3455314f0cafacf3096453727876355a9 |