Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

271

CRITICAL

HIGH

MEDIUM

152

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	商用ライセンス有り Apache License v2.0 OpenSSL License Original SSLeay License オープンソース

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
131	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	20	25	2
132	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
133	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	35	64	10
134	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
135	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
136	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
137	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
138	New!! openssl 3	3.6.3	June 9, 2026			4	26	19	1
139	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
140	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
131	5.9 4.3	MEDIUM Network	ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection…	CWE-310 CWE-200 Cryptographic Issues Information Exposure	CVE-2015-3197	cpe:2.3:a:openssl:openssl:1.0.2e:* cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2.3:a:openssl:openssl:1.0.2c:* cpe:2…				2024-11-21 11:28 2016-02-15	Show	GitHub Exploit DB Packet Storm

132	7.5 5.0	HIGH Network	crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.…	CWE-476 NULL Pointer Dereference	CVE-2015-3194	cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2.3:a:openssl:openssl:1.0.2c:* cpe:2.3:a:openssl:openssl:1.0.2b:* cpe:2…				2024-11-21 11:28 2015-12-7	Show	GitHub Exploit DB Packet Storm

133	7.5 5.0	HIGH Network	The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and pro…	CWE-200 Information Exposure	CVE-2015-3193	cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2.3:a:openssl:openssl:1.0.2c:* cpe:2.3:a:openssl:openssl:1.0.2b:* cpe:2…				2024-11-21 11:28 2015-12-7	Show	GitHub Exploit DB Packet Storm

134	- 5.0	MEDIUM	The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-He…	CWE-189 Numeric Errors	CVE-2015-1794	cpe:2.3:a:openssl:openssl:1.0.2d:* cpe:2.3:a:openssl:openssl:1.0.2c:* cpe:2.3:a:openssl:openssl:1.0.2b:* cpe:2…				2024-11-21 11:26 2015-12-7	Show	GitHub Exploit DB Packet Storm

135	- 4.3	MEDIUM	ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which a…	CWE-362 Race Condition	CVE-2015-3196	cpe:2.3:a:openssl:openssl:1.0.1o:* cpe:2.3:a:openssl:openssl:1.0.1n:* cpe:2.3:a:openssl:openssl:1.0.1m:* cpe:2…				2024-11-21 11:28 2015-12-7	Show	GitHub Exploit DB Packet Storm

136	5.3 5.0	MEDIUM Network	The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_…	CWE-200 Information Exposure	CVE-2015-3195	cpe:2.3:a:openssl:openssl::	1.0.0 1.0.1 1.0.2		0.9.8zh 1.0.0t 1.0.1q 1.0.2e	2024-11-21 11:28 2015-12-7	Show	GitHub Exploit DB Packet Storm

137	6.5 6.4	MEDIUM Network	The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative …	CWE-254 7PK - Security Features	CVE-2015-1793	cpe:2.3:a:openssl:openssl:1.0.2c:* cpe:2.3:a:openssl:openssl:1.0.2b:* cpe:2.3:a:openssl:openssl:1.0.1o:* cpe:2…				2024-11-21 11:26 2015-07-10	Show	GitHub Exploit DB Packet Storm

138	- 4.3	MEDIUM	Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 an…	CWE-189 CWE-362 Numeric Errors Race Condition	CVE-2015-3216	cpe:2.3:a:openssl:openssl:1.0.1e-25.el7:*				2024-11-21 11:28 2015-07-7	Show	GitHub Exploit DB Packet Storm

139	- 5.0	MEDIUM	The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (…	CWE-399 Resource Management Errors	CVE-2015-1792	cpe:2.3:a:openssl:openssl:1.0.2a:* cpe:2.3:a:openssl:openssl:1.0.2:beta1 cpe:2.3:a:openssl:openssl:1.0.2:* cpe…		0.9.8zf		2024-11-21 11:26 2015-06-13	Show	GitHub Exploit DB Packet Storm

140	- 6.8	MEDIUM	Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threade…	CWE-362 Race Condition	CVE-2015-1791	cpe:2.3:a:openssl:openssl:1.0.2a:* cpe:2.3:a:openssl:openssl:1.0.2:beta1 cpe:2.3:a:openssl:openssl:1.0.2:* cpe…		0.9.8zf		2024-11-21 11:26 2015-06-13	Show	GitHub Exploit DB Packet Storm