Bernd Edlinger discovered that malformed data passed to the SSL_check_chain function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service. The oldstable distribution is not affected.