CNNVD-202507-2482 Information

CNNVD ID

CNNVD-202507-2482

Related CVE

CVE-2025-7394

• CNNVD Published: 2025-07-18

Description (Chinese)

OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL存在安全漏洞，该漏洞源于RAND_poll函数行为异常，可能导致fork后生成弱随机数。

Description (English)

OpenSSL is an open source for the OpenSSL team to achieve the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including called passwords, Hashi algorithms, safe hash algorithms, etc. OpenSSL has a security loophole, which stems from behaviour anomalies in the RAND Poll function, which may result in a weak random number after the fork.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenSSL

Published

2025-07-18

Last Modified

2026-02-24

References

https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 https://access.redhat.com/security/cve/cve-2025-7394