Main Vulnerability Database SB2026042858

SB2026042858 - Anolis OS update for openssl

Published: April 28, 2026

Security Bulletin ID SB2026042858

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2026-28388)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to NULL pointer dereference in delta CRL processing during X.509 certificate verification when processing a malformed delta CRL that contains a Delta CRL Indicator extension but lacks a CRL Number extension. A remote attacker can provide a malformed CRL to cause a denial of service.

Exploitation requires delta CRL processing to be enabled in the verification context and the certificate or base CRL to indicate freshest CRL processing.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2026:0555

SB2026042858 - Anolis OS update for openssl

Breakdown by Severity

Description

Remediation

References

Please verify you're human