Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026020208023434 | Publication Time | 2026/02/02 08:54 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/02/02 08:54 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in the OpenSSL Library (CVE-2025-15467) |
|||
| [Content] Forwarded from TWCERTCC-200-202601-00000029 OpenSSL is an open-source cryptographic toolkit primarily used for secure communications, SSL/TLS protocol implementations, and certificate management. It supports multiple cryptographic algorithms and is widely used in servers and applications. Recently, OpenSSL released a security update to address a critical security vulnerability (CVE-2025-15467, CVSS: 9.8). This is a stack-based buffer overflow vulnerability that may cause abnormal program termination, leading to denial-of-service (DoS) attacks, and may even result in remote code execution. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] OpenSSL library versions 3.5.0 through earlier than 3.5.5 (exclusive) OpenSSL library versions 3.4.0 through earlier than 3.4.4 (exclusive) OpenSSL library versions 3.3.0 through earlier than 3.3.6 (exclusive) OpenSSL library versions 3.0.0 through earlier than 3.0.19 (exclusive) |
|||
|
[Recommended Actions] OpenSSL library version 3.6.1 or later, OpenSSL library version 3.5.5 or later, OpenSSL library version 3.4.4 or later, OpenSSL library version 3.3.6 or later, OpenSSL library version 3.0.19 or later. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10692-38c40-1.html |
|||