Main Vulnerability Database SB2026042517

SB2026042517 - openEuler 22.03 LTS SP4 update for shim

Published: April 25, 2026

Security Bulletin ID SB2026042517

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2026-28388)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to NULL pointer dereference in delta CRL processing during X.509 certificate verification when processing a malformed delta CRL that contains a Delta CRL Indicator extension but lacks a CRL Number extension. A remote attacker can provide a malformed CRL to cause a denial of service.

Exploitation requires delta CRL processing to be enabled in the verification context and the certificate or base CRL to indicate freshest CRL processing.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2079

SB2026042517 - openEuler 22.03 LTS SP4 update for shim

Breakdown by Severity

Description

Remediation

References

Please verify you're human