OpenSSL · OpenSSL · CVE-2026-42764
**Name of the Vulnerable Software and Affected Versions**
OpenSSL (affected versions not specified)
**Description**
A NULL pointer dereference occurs in the OpenSSL QUIC server when it receives a QUIC Initial packet containing an invalid or expired token. The issue is triggered specifically when address validation is disabled, which can be done by passing the `SSL_LISTENER_FLAG_NO_VALIDATE` flag to the `SSL_new_listener()` function. A NULL pointer dereference is a condition where the software attempts to read or write through a pointer that is NULL, typically resulting in abnormal termination of the process and a Denial of Service.
**Recommendations**
Avoid passing the `SSL_LISTENER_FLAG_NO_VALIDATE` flag to the `SSL_new_listener()` function, so that client address validation remains enabled.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
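One way to audit C sources for the condition named in the recommendation, as an added example that is not part of the original advisory or of OpenSSL's code: the script reports every `SSL_new_listener()` call and whether its flags argument contains `SSL_LISTENER_FLAG_NO_VALIDATE`. The sample source is constructed, and the helper names and the verdict labels (`NO_VALIDATE`, `REVIEW`, `OK`) are assumptions of this example.

```python
import re

FLAG = "SSL_LISTENER_FLAG_NO_VALIDATE"
CALL = re.compile(r"\bSSL_new_listener\s*\(")
# Constructed sample input (not taken from any real project).
SAMPLE = """\
SSL *a = SSL_new_listener(ctx, 0);
/* SSL_new_listener(ctx, SSL_LISTENER_FLAG_NO_VALIDATE); */
SSL *b = SSL_new_listener(ctx,
                          SSL_LISTENER_FLAG_NO_VALIDATE);
uint64_t f = SSL_LISTENER_FLAG_NO_VALIDATE;
SSL *c = SSL_new_listener(ctx, f);
"""

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid."""
    return re.sub(r"/\*.*?\*/|//[^\n]*",
                  lambda m: re.sub(r"[^\n]", " ", m.group(0)), src, flags=re.S)

def flags_arg(src, start):
    """Return the last top-level argument of the call whose '(' is at src[start]."""
    depth, last = 0, start + 1
    for i in range(start, len(src)):
        ch = src[i]
        depth += (ch == "(") - (ch == ")")
        if depth == 0:                      # matching ')' of the call
            return " ".join(src[last:i].split())
        if ch == "," and depth == 1:        # comma separating the call's own arguments
            last = i + 1
    return " ".join(src[last:].split())     # unbalanced input: take the rest

def audit(src):
    """Return [(line, verdict, flags_expr)] for every SSL_new_listener call."""
    code = strip_comments(src)
    findings = []
    for m in CALL.finditer(code):
        flags = flags_arg(code, m.end() - 1)
        if FLAG in flags:
            verdict = "NO_VALIDATE"   # address validation disabled at this call
        elif FLAG in code and not re.fullmatch(r"0[xX]?0*[uUlL]*", flags):
            verdict = "REVIEW"        # flag is used in the file and may arrive via a variable
        else:
            verdict = "OK"
        findings.append((code.count("\n", 0, m.start()) + 1, verdict, flags))
    return findings

if __name__ == "__main__":
    for line, verdict, flags in audit(SAMPLE):
        print(f"line {line}: {verdict:<11} flags={flags}")
```

The scan is textual: it does not parse string literals or expand macros, so a `REVIEW` result still needs a manual look at how the flags value is built.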