CNNVD-202601-4544 Information

CNNVD ID

CNNVD-202601-4544

CVE-2025-11187

  • CNNVD Published: 2026-01-27

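Description (translated from Chinese)

OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. OpenSSL contains a security vulnerability caused by missing validation of PBMAC1 parameters, which may lead to a stack buffer overflow, an invalid pointer dereference, or a NULL pointer dereference.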

Description (English)

OpenSSL is an open-source cryptographic library, maintained by the OpenSSL team, that implements the SSLv2/v3 and TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. OpenSSL has a security vulnerability that stems from the lack of validation of PBMAC1 parameters, which may lead to a stack buffer overflow, an invalid pointer dereference, or a NULL pointer dereference.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OpenSSL

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
  • https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
  • https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
  • https://openssl-library.org/news/secadv/20260127.txt

Patch

https://github.com/openssl/openssl/releases
