Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-35188
PUBLISHED
More InfoOfficial Page
Assigner-openssl
Assigner Org ID-3a12439a-ef3a-4c79-92e6-6081a721f1e5
View Known Exploited Vulnerability (KEV) details
Published At-09 Jun, 2026 | 16:03
Updated At-10 Jun, 2026 | 20:02
Rejected At-
▼CVE Numbering Authority (CNA)
Double-free When Checking OCSP Stapled Response

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a double-free, potentially leading to a Denial of Service or possibly an attacker controlled code execution or other undefined behavior. If OCSP stapling is enabled and the TLS client connects to a malicious server, a crafted OCSP stapled response can trigger a double free in the TLS client when the stapled response is checked. The OCSP stapling is not enabled by default. Reliable code execution through a double-free is technically complex and highly environment-dependent but the Denial of Service impact is straightforward to achieve, warranting Moderate severity. No FIPS modules are affected by this issue as the affected code is outside the OpenSSL FIPS module boundary.

Affected Products
Vendor
OpenSSLOpenSSL
Product
OpenSSL
Default Status
unaffected
Versions
Affected
  • From 4.0.0 before 4.0.1 (semver)
  • From 3.6.0 before 3.6.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-415CWE-415 Double Free
Type: CWE
CWE ID: CWE-415
Description: CWE-415 Double Free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
https://openssl-library.org/policies/general/security-policy/
text:
Moderate
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Wang Kenaz (University of Illinois)
reporter
Guido Vranken (Aisle Research)
reporter
Aaron Grattafiori (Nvidia)
remediation developer
Daniel Kubec
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://openssl-library.org/news/secadv/20260609.txt
vendor-advisory
https://github.com/openssl/openssl/commit/78d0154cffda03aaaac63a087cc523a6b35fa8fd
patch
https://github.com/openssl/openssl/commit/131145d25659e8749a9ed1afb383484854cffb78
patch
Hyperlink: https://openssl-library.org/news/secadv/20260609.txt
Resource:
vendor-advisory
Hyperlink: https://github.com/openssl/openssl/commit/78d0154cffda03aaaac63a087cc523a6b35fa8fd
Resource:
patch
Hyperlink: https://github.com/openssl/openssl/commit/131145d25659e8749a9ed1afb383484854cffb78
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.15.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found