Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Excessive Resource Usage Verifying X.509 Policy Constraints
Vulnerability Description
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL 信任管理问题漏洞
Vulnerability Description
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL存在信任管理问题漏洞,该漏洞源于 X.509 证书链策略约束存在问题,攻击者利用该漏洞可以通过创建恶意证书链触发计算资源的指数使用,从而导致对受影响系统的拒绝服务 (DoS) 。
CVSS Information
N/A
Vulnerability Type
N/A