好的,用户让我用中文总结一篇文章,控制在100字以内,不需要特定的开头。我需要先仔细阅读文章内容,抓住关键点。 文章主要讲的是OpenSSL发布了安全更新,修复了12个漏洞,其中包括一个高危的远程代码执行漏洞。这些漏洞涉及内存安全、解析稳健性和资源处理等方面。其中有两个最严重的漏洞,分别是CVE-2025-15467和CVE-2025-11187,分别涉及CMS和PKCS#12的处理问题。其他漏洞则被评估为低危,主要影响DoS或特定场景下的完整性。 接下来,我需要将这些信息浓缩到100字以内。要确保涵盖OpenSSL发布更新、修复的漏洞数量、严重性以及主要问题点。同时,保持语言简洁明了。 可能的结构是:首先说明 OpenSSL 发布了安全更新,修复了12个漏洞;然后指出其中包含一个高危远程代码执行漏洞;接着简要提到这些漏洞涉及哪些方面;最后提到两个最严重的漏洞及其影响。 这样组织起来应该能在字数限制内准确传达文章的核心内容。 </think> OpenSSL发布安全更新修复12个漏洞,包括高危远程代码执行风险。问题涉及内存安全、解析稳健性和资源处理等。其中两个严重漏洞分别为CMS AuthEnvelopedData AEAD IV堆栈溢出和PKCS#12 PBMAC1堆栈溢出/指针问题。其他漏洞主要影响DoS或特定场景下的完整性。 2026-1-29 08:35:1 Author: securityaffairs.com(查看原文) 阅读量:0 收藏
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability.
OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw.
Cybersecurity firm Aisle discovered the twelve vulnerabilities.
The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling. The flaws include stack and heap overflows in PKCS#12 and CMS parsing, NULL pointer dereferences and type-confusion bugs in ASN.1, PKCS#7, QUIC, and TimeStamp handling that can cause denial of service, and out-of-bounds writes in auxiliary APIs like BIO filters. OpenSSL also corrected a logic bug in the CLI signing tool that failed to fully authenticate large inputs, a TLS 1.3 certificate compression issue that enabled memory exhaustion, and a low-level OCB mode flaw that could leave data partially unprotected.
The two most severe issues are:
- CVE‑2025‑15467 – CMS AuthEnvelopedData AEAD IV stack overflow – A stack buffer overflow in OpenSSL CMS/PKCS#7 AEAD parsing lets attackers supply an oversized IV that overflows a fixed stack buffer before authentication. The flaw can cause DoS or potentially lead to RCE and affects OpenSSL 3.0–3.6 when parsing untrusted AuthEnvelopedData.
- CVE‑2025‑11187 – PBMAC1 in PKCS#12 stack overflow / pointer issues – A validation flaw in OpenSSL PKCS#12 PBMAC1 lets attackers abuse PBKDF2 parameters to overflow a fixed 64-byte stack buffer during MAC verification. The issue can trigger DoS and potentially code execution. It affects OpenSSL 3.4–3.6 when parsing untrusted PKCS#12 files.
Other 2026 issues are assessed as Low severity in the bulletin and are primarily constrained to Denial of Service or integrity gaps in narrower usage scenarios (CLI tools, legacy PKCS#7, TimeStamp, BIO filters, OCB low‑level API, PKCS#12 parsing type confusions with DoS‑only impact).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)
如有侵权请联系:admin#unsafe.sh