Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL 加密问题漏洞
Vulnerability Description
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL中存在安全漏洞,该漏洞源于程序没有适当限制证书数据。远程攻击者可通过在证书无符号部分添加特制数据,利用该漏洞破坏fingerprint-based certificate-blacklist保护机制。以下版本受到影响:OpenSSL 0.9.8zd之前版本,1.0.0p之前1.0.0版本,1.0.
CVSS Information
N/A
Vulnerability Type
N/A