CNNVD-202509-4472 Information

CNNVD ID

CNNVD-202509-4472

CVE-2025-9230

  • CNNVD Published: 2025-09-30

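Description (translated from Chinese)

OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, and others. OpenSSL versions 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 contain a security vulnerability caused by an out-of-bounds read and write when decrypting password-based encrypted CMS messages, which may lead to denial of service or arbitrary code execution.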

Description (English)

OpenSSL is an open-source library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 have a security vulnerability that stems from an out-of-bounds read and write when decrypting password-encrypted CMS messages, which may lead to denial of service or execution of arbitrary code.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OpenSSL

Published

2025-09-30

Last Modified

2026-02-24

References

  • https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
  • https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
  • https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
  • https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
  • https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
  • https://openssl-library.org/news/secadv/20250930.txt
  • https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
  • https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
  • https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://www.openssl.org/
