CNNVD-202601-4535 Information
CNNVD ID
CNNVD-202601-4535
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
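OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2 contain a security vulnerability that stems from improper handling in the line-buffering BIO filter and may lead to a heap-based out-of-bounds write and memory corruption.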
Description (English)
OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2 contain a security vulnerability that stems from improper handling in the line-buffering BIO filter and may result in a heap-based out-of-bounds write and memory corruption.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad
https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6
https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c
https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0
https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096
https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases