CNNVD-202506-1931 Information
CNNVD ID
CNNVD-202506-1931
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 3.0.0至3.3.2版本存在安全漏洞,该漏洞源于Minerva攻击,可能导致私钥提取。
Description (English)
OpenSSL is an open source for the OpenSSL team to achieve the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including called passwords, Hashi algorithms, safe hash algorithms, etc. Security loopholes exist in versions 3.0.0 to 3.3.2 of OpenSSL, which originate from the Minerva attack and may lead to private key extraction.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
OpenSSL
Published
2025-06-16
Last Modified
2026-02-24
References
https://minerva.crocs.fi.muni.cz https://github.com/openssl/openssl/issues/24253 https://access.redhat.com/security/cve/cve-2025-27587 https://www.oracle.com/security-alerts/cpuoct2025.html
Patch
https://github.com/openssl/openssl/releases
Share on: