Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
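Explanation OpenSSL is open-source software, developed and distributed as open source, that implements the SSL and TLS protocols.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), a paid plan is available for receiving security updates.

On Linux and other Unix-like OSes it is installed by default, and in most cases it is updated to a newer version automatically through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.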
Tag
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available
  • Apache License v2.0

Add Information URL
No Type Name URL
1 Release explanation and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
141 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
142 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
143 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
144 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
145 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
146 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
147 openssl a.00(LTS) a.00.09.07l 0 0 0 0
148 openssl 3 3.6.3 June 9, 2026 4 26 19 1
149 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
150 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
141 -
5.0
MEDIUM The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of servi… NVD-CWE-Other
CVE-2015-1790 cpe:2.3:a:openssl:openssl:1.0.2a:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1
cpe:2.3:a:openssl:openssl:1.0.2:*
cpe…
0.9.8zf 2024-11-21 11:26
2015-06-13
142 7.5
4.3
HIGH
Network
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service … CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2015-1789 cpe:2.3:a:openssl:openssl:1.0.2a:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1
cpe:2.3:a:openssl:openssl:1.0.2:*
cpe…
0.9.8zf 2024-11-21 11:26
2015-06-13
143 -
4.3
MEDIUM The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in whi… CWE-399
 Resource Management Errors
CVE-2015-1788 cpe:2.3:a:openssl:openssl:1.0.2a:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1
cpe:2.3:a:openssl:openssl:1.0.2:*
cpe…
0.9.8zf 2024-11-21 11:26
2015-06-13
144 -
7.5
HIGH The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive betw… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2014-8176 cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2.3:a:openssl:openssl:1.0.1e:*
cpe:2…
0.9.8z 2024-11-21 11:18
2015-06-13
145 3.7
4.3
LOW
Network
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to c… CWE-310
Cryptographic Issues
CVE-2015-4000 cpe:2.3:a:openssl:openssl:*:* 1.0.1
1.0.2
1.0.1m
1.0.2a
1.0.1m
2024-11-21 11:30
2015-05-21
146 -
2.6
LOW The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to c… CWE-20
 Improper Input Validation 
CVE-2015-1787 cpe:2.3:a:openssl:openssl:1.0.2:beta3
cpe:2.3:a:openssl:openssl:1.0.2:beta2
cpe:2.3:a:openssl:openssl:1.0.2:beta1…
2024-11-21 11:26
2015-03-20
147 -
5.0
MEDIUM The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure … CWE-20
 Improper Input Validation 
CVE-2015-0293 cpe:2.3:a:openssl:openssl:1.0.2:*
cpe:2.3:a:openssl:openssl:1.0.1l:*
cpe:2.3:a:openssl:openssl:1.0.1k:*
cpe:2.…
0.9.8ze 2024-11-21 11:22
2015-03-20
148 -
7.5
HIGH Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote a… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2015-0292 cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2.3:a:openssl:openssl:1.0.1e:*
cpe:2…
0.9.8z 2024-11-21 11:22
2015-03-20
149 -
5.0
MEDIUM The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_al… NVD-CWE-Other
CVE-2015-0291 cpe:2.3:a:openssl:openssl:1.0.2:beta3
cpe:2.3:a:openssl:openssl:1.0.2:beta2
cpe:2.3:a:openssl:openssl:1.0.2:beta1…
2024-11-21 11:22
2015-03-20
150 -
5.0
MEDIUM The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases… CWE-17
Code
CVE-2015-0290 cpe:2.3:a:openssl:openssl:1.0.2:beta3
cpe:2.3:a:openssl:openssl:1.0.2:beta2
cpe:2.3:a:openssl:openssl:1.0.2:beta1…
2024-11-21 11:22
2015-03-20