OpenBSD 7.2 errata 018, February 7, 2023:

A malicious certificate revocation list or timestamp response token would
allow an attacker to read arbitrary memory.

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

diff --git a/crypto/x509/x509_genn.c b/crypto/x509/x509_genn.c
index dadf6f1e4..1905e8cac 100644
--- a/crypto/x509/x509_genn.c
+++ b/crypto/x509/x509_genn.c
@@ -366,7 +366,8 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
 		return -1;
 	switch (a->type) {
 	case GEN_X400:
-		result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+		result = ASN1_STRING_cmp((ASN1_STRING *)a->d.x400Address,
+		    (ASN1_STRING *)b->d.x400Address);
 		break;
 
 	case GEN_EDIPARTY: