MNBSD-2026-30: use-after-free in DANE client code

Severity: Unknown

Affected Package: openssl

Summary: use-after-free in DANE client code

Description

An uncommon configuration of clients performing DANE TLSA-based server authentication, paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side, with potential consequences including data corruption, crashes, or arbitrary code execution. Severity: Low (OpenSSL).

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-28387

Published: June 11, 2026
Last Modified: June 11, 2026