2 matches found
SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:1255-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1255-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta C...
CVE-2026-28389
CVE-2026-28389 describes a NULL pointer dereference in OpenSSL when processing CMS EnvelopedData with KeyAgreeRecipientInfo. If the optional parameters field of KeyEncryptionAlgorithmIdentifier is missing, a NULL dereference can occur, potentially causing DoS via crash during CMS_decrypt() on unt...