CNNVD-202601-4536 Information
CNNVD ID
CNNVD-202601-4536
Related CVE
-
CNNVD Published: 2026-01-27
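Description (translated from Chinese)
OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4 and 3.3 contain a security vulnerability. It stems from a missing length-limit check when processing compressed certificates and may lead to excessive memory allocation and denial of service.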
Description (English)
OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL versions 3.6, 3.5, 3.4 and 3.3 contain a security vulnerability that stems from the failure to check length limits when processing compressed certificates, which may lead to excessive memory allocation and denial of service.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4
https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451
https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5
https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4
https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases