| openssl | Number Of NVD | 271 | CRITICAL | 16 | HIGH | 87 | MEDIUM | 152 | LOW | 16 |
|---|---|---|---|---|---|---|---|---|---|---|
| URL | https://www.openssl.org/ | ||||||||
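| Explanation | OpenSSL is software that implements the SSL and TLS protocols and is developed and distributed as open source. From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license". For a specific version that has reached end of support (1.0.2), there is a paid plan for receiving security updates. It is installed by default on Linux and other Unix-like OSes, and in most cases it is updated to a newer version automatically through OS updates and the like. On older OS versions, security problems can arise, for example because only an OpenSSL release whose support has ended can be used. |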
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | Release strategy and end-of-support versions | https://www.openssl.org/policies/releasestrat.html | |
| 2 | openssl Git repository | https://github.com/openssl/openssl | |
| 3 | Vulnerability information page | https://www.openssl.org/news/vulnerabilities.html | |
| 4 | Support contracts | https://www.openssl.org/support/contracts.html |

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 111 | openssl 1.1.1(LTS) | 1.1.1w | Sept. 11, 2023 | Sept. 11, 2018 | Sept. 11, 2023 | 3 | 20 | 25 | 2 | ||
| 112 | openssl 1.1.0 | 1.1.0j | Nov. 20, 2018 | Aug. 26, 2016 | Aug. 31, 2018 | 1 | 12 | 14 | 2 | ||
| 113 | openssl 1.0.2(LTS) | 1.0.2u | Dec. 20, 2019 | Jan. 23, 2015 | Dec. 31, 2019 | 9 | 35 | 64 | 10 | ||
| 114 | openssl 1.0.1 | 1.0.1t | May 3, 2016 | March 14, 2012 | Dec. 31, 2016 | 7 | 25 | 58 | 5 | ||
| 115 | openssl 1.0.0 | 1.0.0t | Dec. 3, 2015 | March 29, 2010 | Dec. 31, 2015 | 1 | 14 | 57 | 5 | ||
| 116 | openssl 0.9.8 | 0.9.8zh | Dec. 4, 2015 | July 6, 2005 | Dec. 31, 2015 | 1 | 5 | 9 | 3 | ||
| 117 | openssl a.00(LTS) | a.00.09.07l | 0 | 0 | 0 | 0 | |||||
| 118 | New!! openssl 3 | 3.6.3 | June 9, 2026 | 4 | 26 | 19 | 1 | ||||
| 119 | openssl 1.0(LTS) | 1.0.2zf | 7 | 29 | 80 | 7 | |||||
| 120 | openssl 0.9(LTS) | 0.9.8zh | 2 | 30 | 76 | 7 |

| No | CVSS3 CVSS2 | Level Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 111 | 7.5 5.0 | HIGH Network | The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial… | CWE-125 Out-of-bounds Read | CVE-2016-2180 | cpe:2.3:a:openssl:openssl:1.0.2h:* cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2… | 2024-11-21 11:47 2016-08-1 | Show | GitHub Exploit DB Packet Storm | ||||
| 112 | 5.5 2.1 | MEDIUM Local | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA pr… | CWE-203 Information Exposure Through Discrepancy | CVE-2016-2178 | cpe:2.3:a:openssl:openssl:1.0.2h:* cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2… | 2024-11-21 11:47 2016-06-20 | Show | GitHub Exploit DB Packet Storm | ||||
| 113 | 9.8 7.5 | CRITICAL Network | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or… | CWE-190 Integer Overflow or Wraparound | CVE-2016-2177 | cpe:2.3:a:openssl:openssl:1.0.2h:* cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2… | 2024-11-21 11:47 2016-06-20 | Show | GitHub Exploit DB Packet Storm | ||||
| 114 | 8.2 6.4 | HIGH Network | The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-2176 | cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2… | 1.0.1s | 2024-11-21 11:47 2016-05-5 | Show | GitHub Exploit DB Packet Storm | |||
| 115 | 7.5 7.8 | HIGH Network | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory … | CWE-399 Resource Management Errors | CVE-2016-2109 | cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2… | 1.0.1s | 2024-11-21 11:47 2016-05-5 | Show | GitHub Exploit DB Packet Storm | |||
| 116 | 7.5 5.0 | HIGH Network | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruptio… | CWE-189 Numeric Errors | CVE-2016-2106 | cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2… | 1.0.1s | 2024-11-21 11:47 2016-05-5 | Show | GitHub Exploit DB Packet Storm | |||
| 117 | 7.5 5.0 | HIGH Network | crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection… | CWE-310 Cryptographic Issues | CVE-2000-1254 | cpe:2.3:a:openssl:openssl:*:* | 0.9.5 | 2024-11-21 08:34 2016-05-5 | Show | GitHub Exploit DB Packet Storm | |||
| 118 | 9.8 10.0 | CRITICAL Network | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via a… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-2108 | cpe:2.3:a:openssl:openssl:1.0.2b:* cpe:2.3:a:openssl:openssl:1.0.2a:* cpe:2.3:a:openssl:openssl:1.0.2:beta3 cp… | 1.0.1n | 2024-11-21 11:47 2016-05-5 | Show | GitHub Exploit DB Packet Storm | |||
| 119 | 5.9 2.6 | MEDIUM Network | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart… | CWE-310 CWE-200 Cryptographic Issues Information Exposure | CVE-2016-2107 | cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2… | 1.0.1s | 2024-11-21 11:47 2016-05-5 | Show | GitHub Exploit DB Packet Storm | |||
| 120 | 7.5 5.0 | HIGH Network | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption)… | CWE-190 Integer Overflow or Wraparound | CVE-2016-2105 | cpe:2.3:a:openssl:openssl:1.0.2g:* cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2… | 2024-11-21 11:47 2016-05-5 | Show | GitHub Exploit DB Packet Storm |