
Wang Kenaz

#49329 of 53,639
5 Total CVSS
Vulnerabilities · 1
PT-2026-47833
5.0
2026-06-09
Openssl · Openssl · CVE-2026-35188
**Name of the Vulnerable Software and Affected Versions**

OpenSSL (affected versions not specified)

**Description**

A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the `status_request` extension. This triggers a double-free in the client's certificate verification path when the stapled response is checked. A double-free occurs when a program attempts to free the same memory location twice, which can corrupt heap memory. This may lead to a Denial of Service, attacker-controlled code execution, or other undefined behavior. OCSP stapling is not enabled by default.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling OCSP stapling to minimize the risk of exploitation.