Paul Dale

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** The issue arises when an X.509 certificate contains a malformed policy constraint and policy processing is enabled. This results in a write lock being taken twice recursively, leading to a denial of service when the affected process hangs on some operating systems, most notably Windows. Policy processing is enabled by passing the `-policy` argument to the command line utilities or by calling the `X509 VERIFY PARAM set1 policies()` function. It is worth noting that policy processing being enabled on a publicly facing server is not considered a common setup. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.