CNNVD-202601-4530 Information

CNNVD ID

CNNVD-202601-4530

CVE-2025-69421

  • CNNVD Published: 2026-01-27

Description

OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 contain a security vulnerability caused by improper handling of malformed PKCS#12 files in the PKCS12_item_decrypt_d2i_ex function, which may lead to a NULL pointer dereference and denial of service.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

OpenSSL

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b
  • https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7
  • https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd
  • https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3
  • https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c
  • https://openssl-library.org/news/secadv/20260127.txt

Patch

https://github.com/openssl/openssl/releases
