Ronald Moesbergen

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.0e OpenSSL versions prior to 0.9.8o OpenSSL versions prior to 1.0.0a **Description** The issue affects the OpenSSL package in Gentoo Linux, allowing for remote exploitation that may compromise the confidentiality, integrity, and availability of protected information. Specifically, the Cryptographic Message Syntax (CMS) implementation does not properly handle structures containing OriginatorInfo, enabling context-dependent attackers to modify invalid memory locations, conduct double-free attacks, or possibly execute arbitrary code. **Recommendations** For versions prior to 1.0.0e, update to version 1.0.0e or later. For versions prior to 0.9.8o, update to version 0.9.8o or later. For versions prior to 1.0.0a, update to version 1.0.0a or later.