CNNVD-202601-4531 Information
CNNVD ID
CNNVD-202601-4531
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 3.6版本、3.5版本、3.4版本、3.3版本、3.0版本和1.1.1版本存在安全漏洞,该漏洞源于时间戳响应验证代码存在类型混淆,可能导致空指针取消引用和拒绝服务。
Description (English)
OpenSSL is an open source for the OpenSSL team to achieve the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including called passwords, Hashi algorithms, safe hash algorithms, etc. OpenSSL Versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 contain a security loophole, which stems from the type of confusion in the time stamp response to the authentication code, which may lead to the cancellation of references and denial of services by the empty pointer.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9 https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085 https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases
Share on: