Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
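Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

From version 3 onward it is licensed under the Apache License 2.0; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For one specific version that has reached end of support (1.0.2), a plan for receiving security updates is available for a fee.

On Linux and other Unix-like operating systems it is installed by default, and in most cases it is updated to a newer version automatically through OS updates.
On older OS versions, only OpenSSL releases that are no longer supported may be available, which can lead to security problems.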
Tag
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 OpenSSL Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
101 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
102 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
103 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
104 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
105 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
106 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
107 openssl a.00(LTS) a.00.09.07l 0 0 0 0
108 New!! openssl 3 3.6.3 June 9, 2026 4 26 19 1
109 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
110 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri (or higher / or less / more than / less than) | Update date / Published date
101 5.9
4.3
MEDIUM
Network
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consu… CWE-400
 Uncontrolled Resource Consumption
CVE-2016-6307 cpe:2.3:a:openssl:openssl:1.1.0:* 2024-11-21 11:55
2016-09-27
102 5.9
4.3
MEDIUM
Network
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s… CWE-125
Out-of-bounds Read
CVE-2016-6306 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.3:a:openssl:openssl:1.0.2e:*
cpe:2…
2024-11-21 11:55
2016-09-27
103 7.5
5.0
HIGH
Network
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_… CWE-20
 Improper Input Validation 
CVE-2016-6305 cpe:2.3:a:openssl:openssl:1.1.0:* 2024-11-21 11:55
2016-09-27
104 7.5
7.8
HIGH
Network
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status… CWE-401
 Missing Release of Memory after Effective Lifetime
CVE-2016-6304 cpe:2.3:a:openssl:openssl:1.1.0:*
cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.…
2024-11-21 11:55
2016-09-27
105 9.8
7.5
CRITICAL
Network
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or poss… CWE-787
 Out-of-bounds Write
CVE-2016-6303 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:55
2016-09-16
106 7.5
5.0
HIGH
Network
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of serv… CWE-20
 Improper Input Validation 
CVE-2016-6302 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:55
2016-09-16
107 9.8
7.5
CRITICAL
Network
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and… CWE-787
 Out-of-bounds Write
CVE-2016-2182 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-09-16
108 7.5
5.0
HIGH
Network
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cau… CWE-189
Numeric Errors
CVE-2016-2181 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-09-16
109 7.5
5.0
HIGH
Network
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial … CWE-399
 Resource Management Errors
CVE-2016-2179 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-09-16
110 7.5
5.0
HIGH
Network
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for re… CWE-200
Information Exposure
CVE-2016-2183 cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.3:a:openssl:openssl:1.0.2e:*
cpe:2…
2024-11-21 11:47
2016-09-1