CNNVD-202601-4467 Information

CNNVD ID

CNNVD-202601-4467

CVE-2025-15467

  • CNNVD Published: 2026-01-27

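Description (translated from Chinese)

OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, and others. OpenSSL contains a security vulnerability that stems from improper handling of AEAD parameters when parsing CMS AuthEnvelopedData messages, which may lead to a stack buffer overflow. The following versions are affected: 3.6, 3.5, 3.4, 3.3 and 3.0.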

Description (English)

OpenSSL is an open-source general-purpose cryptographic library, maintained by the OpenSSL team, that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL has a security vulnerability caused by improper handling of AEAD parameters when parsing CMS AuthEnvelopedData messages, which could lead to a stack buffer overflow. The following versions are affected: 3.6, 3.5, 3.4, 3.3 and 3.0.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

OpenSSL

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
  • https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
  • https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
  • https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
  • https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
  • https://openssl-library.org/news/secadv/20260127.txt
  • http://www.openwall.com/lists/oss-security/2026/01/27/10
  • https://access.redhat.com/security/cve/cve-2025-15467

Patch

https://github.com/openssl/openssl/releases
