CNNVD-202601-4541 Information
CNNVD ID
CNNVD-202601-4541
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 3.5版本和3.6版本存在安全漏洞,该漏洞源于openssl dgst命令行工具对输入数据静默截断,可能导致签名或验证文件时完整性缺失。
Description (English)
OpenSSL is an open source for the OpenSSL team to achieve the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including called passwords, Hashi algorithms, safe hash algorithms, etc. There is a security loophole in OpenSSL version 3.5 and 3.6, which stems from the silent cut-off of input data in the opensl dgst command line tool, which may lead to a lack of integrity when signing or authenticating the document.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61 https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases
Share on: