| openssl | Number Of NVD | 271 | CRITICAL | 16 | HIGH | 87 | MEDIUM | 152 | LOW | 16 |
| URL | https://www.openssl.org/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
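| Explanation | OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source. From version 3 onward it is under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license". For a specific version that has reached end of support (1.0.2), there is a paid plan for receiving security updates. It is installed by default on Linux and other Unix-like operating systems, and in most cases it is updated to a newer version automatically through OS updates. On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended is available. |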
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | Explanation of releases and end-of-support versions | https://www.openssl.org/policies/releasestrat.html | |
| 2 | openssl Git repository | https://github.com/openssl/openssl | |
| 3 | Vulnerability information page | https://www.openssl.org/news/vulnerabilities.html | |
| 4 | Support contracts | https://www.openssl.org/support/contracts.html |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 121 | openssl 1.1.1(LTS) | 1.1.1w | Sept. 11, 2023 | Sept. 11, 2018 | Sept. 11, 2023 | 3 | 20 | 25 | 2 | ||
| 122 | openssl 1.1.0 | 1.1.0j | Nov. 20, 2018 | Aug. 26, 2016 | Aug. 31, 2018 | 1 | 12 | 14 | 2 | ||
| 123 | openssl 1.0.2(LTS) | 1.0.2u | Dec. 20, 2019 | Jan. 23, 2015 | Dec. 31, 2019 | 9 | 35 | 64 | 10 | ||
| 124 | openssl 1.0.1 | 1.0.1t | May 3, 2016 | March 14, 2012 | Dec. 31, 2016 | 7 | 25 | 58 | 5 | ||
| 125 | openssl 1.0.0 | 1.0.0t | Dec. 3, 2015 | March 29, 2010 | Dec. 31, 2015 | 1 | 14 | 57 | 5 | ||
| 126 | openssl 0.9.8 | 0.9.8zh | Dec. 4, 2015 | July 6, 2005 | Dec. 31, 2015 | 1 | 5 | 9 | 3 | ||
| 127 | openssl a.00(LTS) | a.00.09.07l | 0 | 0 | 0 | 0 | |||||
| 128 | New!! openssl 3 | 3.6.3 | June 9, 2026 | 4 | 26 | 19 | 1 | ||||
| 129 | openssl 1.0(LTS) | 1.0.2zf | 7 | 29 | 80 | 7 | |||||
| 130 | openssl 0.9(LTS) | 0.9.8zh | 2 | 30 | 76 | 7 |
| No | CVSS3 CVSS2 | Level Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 121 | 9.8 10.0 | CRITICAL Network | The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cau… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-2842 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:48 2016-03-4 | Show | GitHub Exploit DB Packet Storm | ||||
| 122 | 9.8 10.0 | CRITICAL Network | The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (ov… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-0799 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:42 2016-03-4 | Show | GitHub Exploit DB Packet Storm | ||||
| 123 | 7.5 7.8 | HIGH Network | Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing a… | CWE-399 Resource Management Errors | CVE-2016-0798 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:42 2016-03-4 | Show | GitHub Exploit DB Packet Storm | ||||
| 124 | 7.5 5.0 | HIGH Network | Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly … | NVD-CWE-Other | CVE-2016-0797 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:42 2016-03-4 | Show | GitHub Exploit DB Packet Storm | ||||
| 125 | 9.8 10.0 | CRITICAL Network | Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory… | NVD-CWE-Other | CVE-2016-0705 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:42 2016-03-4 | Show | GitHub Exploit DB Packet Storm | ||||
| 126 | 5.1 1.9 | MEDIUM Local | The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiati… | CWE-200 Information Exposure | CVE-2016-0702 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:42 2016-03-4 | Show | GitHub Exploit DB Packet Storm | ||||
| 127 | 5.9 4.3 | MEDIUM Network | An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0… | CWE-200 Information Exposure | CVE-2016-0704 | cpe:2.3:a:openssl:openssl:1.0.2:beta3 cpe:2.3:a:openssl:openssl:1.0.2:beta2 cpe:2.3:a:openssl:openssl:1.0.2:beta1… | 0.9.8ze | 2024-11-21 11:42 2016-03-2 | Show | GitHub Exploit DB Packet Storm | |||
| 128 | 5.9 4.3 | MEDIUM Network | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTE… | CWE-200 Information Exposure | CVE-2016-0703 | cpe:2.3:a:openssl:openssl:1.0.2:beta3 cpe:2.3:a:openssl:openssl:1.0.2:beta2 cpe:2.3:a:openssl:openssl:1.0.2:beta1… | 0.9.8ze | 2024-11-21 11:42 2016-03-2 | Show | GitHub Exploit DB Packet Storm | |||
| 129 | 5.9 4.3 | MEDIUM Network | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain p… | CWE-310 CWE-200 Cryptographic Issues Information Exposure | CVE-2016-0800 | cpe:2.3:a:openssl:openssl:1.0.2f:* cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2… | 2024-11-21 11:42 2016-03-2 | Show | GitHub Exploit DB Packet Storm | ||||
| 130 | 3.7 2.6 | LOW Network | The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for… | CWE-200 Information Exposure | CVE-2016-0701 | cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2.3:a:openssl:openssl:1.0.2c:* cpe:2… | 2024-11-21 11:42 2016-02-15 | Show | GitHub Exploit DB Packet Storm |