CNNVD-202601-4533 Information

CNNVD ID

CNNVD-202601-4533

CVE-2025-69418

  • CNNVD Published: 2026-01-27

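Description (translated from Chinese)

OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 contain a security vulnerability. It stems from the low-level OCB API improperly handling input that is not 16-byte aligned, which may leave part of the data exposed in cleartext and unauthenticated.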

Description (English)

OpenSSL is an open-source library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 have a security vulnerability, which stems from the low-level OCB API improperly processing input that is not 16-byte aligned, and which may result in some data being exposed in plaintext and left unauthenticated.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

OpenSSL

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
  • https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
  • https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
  • https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
  • https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
  • https://openssl-library.org/news/secadv/20260127.txt

Patch

https://github.com/openssl/openssl/releases
