3 matches found
CLSA-2026-1778787445 Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389
SECURITY UPDATE: Use-after-free / heap corruption in danematch of the X.509 verifier where the cached DANE-matched certificate was freed via OPENSSLfree instead of X509free, bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An...
CLSA-2026-1777567502 openssl: Fix of CVE-2026-28387
CVE-2026-28387: fix use-after-free / double-free in danematch by releasing the previously stored dane-mcert with X509free instead of OPENSSLfree; the slot is reference-bumped via X509upref so the matching free is X509free...
CLSA-2026-1777542789 openssl: Fix of CVE-2026-28387
CVE-2026-28387: fix use-after-free / double-free in danematch by releasing the previously stored dane-mcert with X509free instead of OPENSSLfree; the slot is reference-bumped via X509upref so the matching free is X509free...