{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28388", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "dateReserved": "2026-02-27T13:45:02.161Z", "datePublished": "2026-04-07T22:00:52.382Z", "dateUpdated": "2026-04-10T20:18:43.095Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.6.2", "status": "affected", "version": "3.6.0", "versionType": "semver"}, {"lessThan": "3.5.6", "status": "affected", "version": "3.5.0", "versionType": "semver"}, {"lessThan": "3.4.5", "status": "affected", "version": "3.4.0", "versionType": "semver"}, {"lessThan": "3.3.7", "status": "affected", "version": "3.3.0", "versionType": "semver"}, {"lessThan": "3.0.20", "status": "affected", "version": "3.0.0", "versionType": "semver"}, {"lessThan": "1.1.1zg", "status": "affected", "version": "1.1.1", "versionType": "custom"}, {"lessThan": "1.0.2zp", "status": "affected", "version": "1.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Igor Morgenstern (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Igor Morgenstern (Aisle Research)"}], "datePublic": "2026-04-07T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension<br>is processed a NULL pointer dereference might happen if the required CRL<br>Number extension is missing.<br><br>Impact summary: A NULL pointer dereference can trigger a crash which<br>leads to a Denial of Service for an application.<br><br>When CRL processing and delta CRL processing is enabled during X.509<br>certificate verification, the delta CRL processing does not check<br>whether the CRL Number extension is NULL before dereferencing it.<br>When a malformed delta CRL file is being processed, this parameter<br>can be NULL, causing a NULL pointer dereference.<br><br>Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in<br>the verification context, the certificate being verified to contain a<br>freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and<br>an attacker to provide a malformed CRL to an application that processes it.<br><br>The vulnerability is limited to Denial of Service and cannot be escalated to<br>achieve code execution or memory disclosure. For that reason the issue was<br>assessed as Low severity according to our Security Policy.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br>as the affected code is outside the OpenSSL FIPS module boundary."}], "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary."}], "metrics": [{"format": "other", "other": {"content": {"text": "Low"}, "type": "https://openssl-library.org/policies/general/security-policy/"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2026-04-07T22:00:52.382Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://openssl-library.org/news/secadv/20260407.txt"}, {"name": "3.6.2 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"}, {"name": "3.5.6 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"}, {"name": "3.4.5 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"}, {"name": "3.3.7 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"}, {"name": "3.0.20 git commit", "tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"}], "source": {"discovery": "UNKNOWN"}, "title": "NULL Pointer Dereference When Processing a Delta CRL", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T20:18:04.195701Z", "id": "CVE-2026-28388", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:18:43.095Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-28388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T20:18:04.195701Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:18:34.089Z"}}], "cna": {"title": "NULL Pointer Dereference When Processing a Delta CRL", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Igor Morgenstern (Aisle Research)"}, {"lang": "en", "type": "remediation developer", "value": "Igor Morgenstern (Aisle Research)"}], "metrics": [{"other": {"type": "https://openssl-library.org/policies/general/security-policy/", "content": {"text": "Low"}}, "format": "other"}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"status": "affected", "version": "3.6.0", "lessThan": "3.6.2", "versionType": "semver"}, {"status": "affected", "version": "3.5.0", "lessThan": "3.5.6", "versionType": "semver"}, {"status": "affected", "version": "3.4.0", "lessThan": "3.4.5", "versionType": "semver"}, {"status": "affected", "version": "3.3.0", "lessThan": "3.3.7", "versionType": "semver"}, {"status": "affected", "version": "3.0.0", "lessThan": "3.0.20", "versionType": "semver"}, {"status": "affected", "version": "1.1.1", "lessThan": "1.1.1zg", "versionType": "custom"}, {"status": "affected", "version": "1.0.2", "lessThan": "1.0.2zp", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-07T14:00:00.000Z", "references": [{"url": "https://openssl-library.org/news/secadv/20260407.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "name": "3.6.2 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "name": "3.5.6 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "name": "3.4.5 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "name": "3.3.7 git commit", "tags": ["patch"]}, {"url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "name": "3.0.20 git commit", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "supportingMedia": [{"type": "text/html", "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension<br>is processed a NULL pointer dereference might happen if the required CRL<br>Number extension is missing.<br><br>Impact summary: A NULL pointer dereference can trigger a crash which<br>leads to a Denial of Service for an application.<br><br>When CRL processing and delta CRL processing is enabled during X.509<br>certificate verification, the delta CRL processing does not check<br>whether the CRL Number extension is NULL before dereferencing it.<br>When a malformed delta CRL file is being processed, this parameter<br>can be NULL, causing a NULL pointer dereference.<br><br>Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in<br>the verification context, the certificate being verified to contain a<br>freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and<br>an attacker to provide a malformed CRL to an application that processes it.<br><br>The vulnerability is limited to Denial of Service and cannot be escalated to<br>achieve code execution or memory disclosure. For that reason the issue was<br>assessed as Low severity according to our Security Policy.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br>as the affected code is outside the OpenSSL FIPS module boundary.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2026-04-07T22:00:52.382Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28388", "state": "PUBLISHED", "dateUpdated": "2026-04-10T20:18:43.095Z", "dateReserved": "2026-02-27T13:45:02.161Z", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "datePublished": "2026-04-07T22:00:52.382Z", "assignerShortName": "openssl"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary."}], "id": "CVE-2026-28388", "lastModified": "2026-04-10T21:16:23.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T22:16:20.863", "references": [{"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"}, {"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"}, {"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"}, {"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"}, {"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"}, {"source": "openssl-security@openssl.org", "url": "https://openssl-library.org/news/secadv/20260407.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "openssl-security@openssl.org", "type": "Secondary"}]}

{"bugzilla": {"description": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "id": "2451097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451097"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, ensure that delta CRL processing is not enabled in applications that do not require it. This vulnerability is only exploitable when the `X509_V_FLAG_USE_DELTAS` flag is explicitly set within the X.509 verification context. Review application configurations to confirm that this flag is not enabled unless absolutely necessary for your security policy. Disabling this flag will prevent the vulnerable code path from being exercised. Specific implementation details will vary depending on the application utilizing X.509 certificate verification."}, "name": "CVE-2026-28388", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "shim-unsigned-aarch64", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "shim-unsigned-aarch64", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "shim-unsigned-x64", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28388\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28388\nhttps://openssl-library.org/news/secadv/20260407.txt"], "statement": "Low impact. This vulnerability in X.509 certificate verification can lead to a Denial of Service (DoS) due to a NULL pointer dereference when processing a malformed delta Certificate Revocation List (CRL). Exploitation requires the `X509_V_FLAG_USE_DELTAS` flag to be enabled in the verification context, a certificate with a `freshestCRL` extension or a base CRL with `EXFLAG_FRESHEST` set, and an attacker-provided malformed CRL. This flaw is limited to DoS and does not allow for code execution or memory disclosure.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.6.0,3.6.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,3.5.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.4.0,3.4.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.3.0,3.3.7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.0.0,3.0.20)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.1.1,1.1.1zg)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.2,1.0.2zp)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenSSL", "source": "cna", "vendor": "OpenSSL"}, "product": "openssl", "vendor": "openssl"}], "analysis": {"en": {"generated_at": "2026-04-07T23:12:32.255408+00:00", "value": {"mitigation_remediation": ["Update OpenSSL to the latest version that includes the fix defined in the referenced commits."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The problem resides in the standard OpenSSL library; FIPS modules (3.0 through 3.6) are not affected. All OpenSSL builds that enable CRL and delta CRL processing while using the X509_V_FLAG_USE_DELTAS flag are vulnerable. The exact version range is not specified, but any build containing the unpatched code is susceptible.", "description_and_impact": "The vulnerability is a NULL pointer dereference that occurs when an application processes a delta CRL containing a Delta CRL Indicator extension but missing the required CRL Number extension. A maliciously crafted CRL can cause the OpenSSL library to dereference a null pointer, resulting in an application crash and a denial of service. This issue is purely a crash condition and does not lead to code execution or information disclosure.", "risk_and_exploitability": "The CVSS assessment is Low severity. Exploitation requires enabling delta CRL processing, providing a certificate with a freshestCRL extension or a base CRL marked EXFLAG_FRESHEST, and delivering a malformed delta CRL to the target application. Attackers can cause service disruption but cannot achieve remote code execution or data exfiltration. The probability of exploitation is low, and the vulnerability is not listed in the CISA KEV catalog."}}}}, "created": "2026-04-08T19:33:56.860656+00:00", "updated": "2026-04-08T19:45:20.225520+00:00", "vendors": ["openssl", "openssl$PRODUCT$openssl"]}