CNNVD-202601-4532 Information
CNNVD ID
CNNVD-202601-4532
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
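OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, and 1.1.1 contain a security vulnerability that stems from improper handling of specially crafted PKCS#12 files by the PKCS12_get_friendlyname function, which may lead to an out-of-bounds write and memory corruption.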
Description (English)
OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, and 1.1.1 contain a security vulnerability resulting from improper handling of specially crafted PKCS#12 files in the PKCS12_get_friendlyname function, which may cause an out-of-bounds write and memory corruption.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296
https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb
https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2
https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015
https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535
https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases