CVE-2026-35188 Double-free When Checking OCSP Stapled Response

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ...)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera Faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application on Demand, and IBM Aspera Azure on Demand. IBM Aspera Transf...

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...