CNNVD-202509-4470 Information

CNNVD ID

CNNVD-202509-4470

CVE-2025-9232

  • CNNVD Published: 2025-09-30

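Description (translated from Chinese)

OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, and others. OpenSSL versions 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0 contain a security vulnerability caused by an out-of-bounds read in the HTTP client API functions when handling IPv6 addresses, which may lead to a denial-of-service attack.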

Description (English)

OpenSSL is an open-source library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL version 3.0.16, version 3.1.8, version 3.2.4, version 3.3.3, version 3.4.0 and version 3.5.0 have a security vulnerability, which stems from an out-of-bounds read in the HTTP client API function when it processes IPv6 addresses, and which may lead to a denial of service attack.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

OpenSSL

Published

2025-09-30

Last Modified

2026-02-24

References

  • https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35
  • https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0
  • https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b
  • https://openssl-library.org/news/secadv/20250930.txt
  • https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf
  • https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3
  • https://vigilance.fr/vulnerability/OpenSSL-out-of-bounds-memory-reading-via-HTTP-Client-No-proxy-48346

Patch

https://www.openssl.org/
