CNNVD-202601-4525 Information
CNNVD ID
CNNVD-202601-4525
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
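OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 contain a security vulnerability. The vulnerability stems from a type confusion in the PKCS#12 parsing code: members of the ASN1_TYPE union are accessed without first validating the type, which may lead to an invalid or NULL pointer dereference when processing a malformed PKCS#12 file, causing a denial of service.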
Description (English)
OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 have a security vulnerability, which stems from a type confusion in the PKCS#12 parsing code, i.e. access to members of the ASN1_TYPE union without validating the type, which may lead to an invalid or NULL pointer dereference when a malformed PKCS#12 file is processed, triggering a denial of service.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4
https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49
https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12
https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e
https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2
https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases