commit 6297bdc962e9f2ecb436e26dc51f4fff653a0a89
Author: Daniel Kubec <kubec@openssl.org>
Date:   Tue Mar 17 11:11:22 2026 +0100

    Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
    
    Fixes CVE-2026-28388
    Fixes https://github.com/openssl/srt/issues/77

Index: openssl-1.1.1d/crypto/x509/x509_vfy.c
===================================================================
--- openssl-1.1.1d.orig/crypto/x509/x509_vfy.c
+++ openssl-1.1.1d/crypto/x509/x509_vfy.c
@@ -1106,6 +1106,8 @@ static int check_delta_base(X509_CRL *de
     if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
         return 0;
     /* Delta CRL number must exceed full CRL number */
+    if (delta->crl_number == NULL)
+        return 0;
     if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
         return 1;
     return 0;