CNNVD-202601-4542 Information
CNNVD ID
CNNVD-202601-4542
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL存在安全漏洞,该漏洞源于SSL_CIPHER_find函数处理未知密码套件时存在空指针取消引用,可能导致拒绝服务。
Description (English)
OpenSSL is an open source for the OpenSSL team to achieve the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including called passwords, Hashi algorithms, safe hash algorithms, etc. OpenSSL has a security loophole, which stems from the empty pointer unreferenced when the SSL CIPHER find function handles an unknown password package, which may lead to the denial of service.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
OpenSSL
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65 https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2 https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4 https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7 https://openssl-library.org/news/secadv/20260127.txt
Patch
https://github.com/openssl/openssl/releases
Share on: