The vulnerability in Erlang OTP's public_key module (pubkey_ocsp) arises from improper certificate validation in the OCSP response validation function public_key:pkix_ocsp_validate/5. The function does not verify that the OCSP responder certificate is cryptographically signed by the issuing CA, only checking that the issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. This allows an attacker capable of intercepting or controlling OCSP responses to create a self-signed certificate with a matching issuer name and OCSPSigning EKU, enabling them to forge OCSP responses that incorrectly indicate revoked certificates as valid. Affected versions include OTP 27.0 through 28.4.2 and related public_key and ssl versions. The vulnerability affects SSL/TLS clients using OCSP stapling and applications directly using the vulnerable API, potentially allowing acceptance of revoked certificates and exposure of sensitive data to compromised servers.

The vulnerability allows attackers who can intercept or control OCSP responses to bypass OCSP designated-responder authorization, enabling them to forge OCSP responses that mark revoked certificates as valid. This can lead SSL/TLS clients using OCSP stapling to accept connections to servers with revoked certificates, potentially exposing sensitive data to compromised servers. The impact on applications using the public_key:pkix_ocsp_validate/5 API depends on how the API is used, but generally involves trust decisions based on invalid OCSP responses.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider alternative OCSP validation methods or disable OCSP stapling if feasible to mitigate the risk. Monitor Erlang OTP vendor advisories for updates and apply patches promptly once available.