SB2026050306 - openEuler 24.03 LTS SP1 update for compat-openssl11
Published: May 3, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2026-22795)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when parsing PKCS#12 file. A remote attacker can pass a specially crafted PKCS#12 file to the application and perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2026-28387)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in DANE client code when processing server DANE TLSA records during TLSA-based server authentication. A remote attacker can provide crafted TLSA records to execute arbitrary code.
The issue only affects clients that use both PKIX-TA(0) or PKIX-EE(1) certificate usages together with the DANE-TA(2) certificate usage, and the server must publish a TLSA RRset containing both record types.
3) NULL pointer dereference (CVE-ID: CVE-2026-28388)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to NULL pointer dereference in delta CRL processing during X.509 certificate verification when processing a malformed delta CRL that contains a Delta CRL Indicator extension but lacks a CRL Number extension. A remote attacker can provide a malformed CRL to cause a denial of service.
Exploitation requires delta CRL processing to be enabled in the verification context and the certificate or base CRL to indicate freshest CRL processing.
4) NULL pointer dereference (CVE-ID: CVE-2026-28389)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to NULL pointer dereference in CMS KeyAgreeRecipientInfo processing when processing a crafted CMS EnvelopedData message with a missing optional parameters field. A remote attacker can send a crafted CMS message to cause a denial of service.
Applications and services that call CMS_decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected.
5) NULL pointer dereference (CVE-ID: CVE-2026-28390)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to NULL pointer dereference in CMS KeyTransportRecipientInfo processing when processing a crafted CMS EnvelopedData message using RSA-OAEP with a missing optional parameters field. A remote attacker can send a crafted CMS message to cause a denial of service.
Applications and services that call CMS_decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected.
Remediation
Install update from vendor's website.