Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Vulnerability Description
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.
CVSS Information
N/A
Vulnerability Type
未能安全地进行程序失效(Failing Open)
Vulnerability Title
pyOpenSSL 安全漏洞
Vulnerability Description
pyOpenSSL是Python Cryptographic Authority开源的一个Python的OpenSSL库封装工具。 pyOpenSSL 0.14.0至26.0.0之前版本存在安全漏洞,该漏洞源于set_tlsext_servername_callback回调中未处理的异常导致连接被接受,可能绕过安全敏感行为。
CVSS Information
N/A
Vulnerability Type
N/A