Peter-Michael Hager

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.0a OpenSSL versions prior to 1.0.0e **Description** The issue is related to the EVP PKEY verify recover function in OpenSSL, which returns uninitialized memory upon failure. This could allow context-dependent attackers to bypass intended key requirements or obtain sensitive information. The vulnerability might be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 1.0.0a, update to version 1.0.0a or later. For versions prior to 1.0.0e, update to version 1.0.0e or later. As a temporary workaround, consider restricting access to the EVP PKEY verify recover function until a patch is available.