Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。

Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」 のダブルライセンスです。
サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。

LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。
古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag
  • Original SSLeay License
  • オープンソース
  • 商用ライセンス有り
  • Apache License v2.0
  • OpenSSL License

Add Information URL
No Type Name URL
1 リリースに関する説明とサポート終了バージョンについて https://www.openssl.org/policies/releasestrat.html
2 opensslのGit https://github.com/openssl/openssl
3 脆弱性情報のページ https://www.openssl.org/news/vulnerabilities.html
4 サポート契約 https://www.openssl.org/support/contracts.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
151 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
152 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
153 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
154 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
155 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
156 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
157 openssl a.00(LTS) a.00.09.07l 0 0 0 0
158 openssl 3 3.6.3 June 9, 2026 4 26 19 1
159 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
160 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
151 -
5.0
MEDIUM The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to … NVD-CWE-Other
CVE-2015-0289 cpe:2.3:a:openssl:openssl:1.0.2:*
cpe:2.3:a:openssl:openssl:1.0.1l:*
cpe:2.3:a:openssl:openssl:1.0.1k:*
cpe:2.…
0.9.8ze 2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
152 -
5.0
MEDIUM The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service… NVD-CWE-Other
CVE-2015-0288 cpe:2.3:a:openssl:openssl:1.0.2:*
cpe:2.3:a:openssl:openssl:1.0.1l:*
cpe:2.3:a:openssl:openssl:1.0.1k:*
cpe:2.…
0.9.8ze 2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
153 -
5.0
MEDIUM The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structur… CWE-17
Code
CVE-2015-0287 cpe:2.3:a:openssl:openssl:1.0.2:*
cpe:2.3:a:openssl:openssl:1.0.1l:*
cpe:2.3:a:openssl:openssl:1.0.1k:*
cpe:2.…
0.9.8ze 2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
154 -
5.0
MEDIUM The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, whi… CWE-17
Code
CVE-2015-0286 cpe:2.3:a:openssl:openssl:1.0.2:*
cpe:2.3:a:openssl:openssl:1.0.1l:*
cpe:2.3:a:openssl:openssl:1.0.1k:*
cpe:2.…
0.9.8ze 2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
155 -
4.3
MEDIUM The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to de… CWE-310
Cryptographic Issues
CVE-2015-0285 cpe:2.3:a:openssl:openssl:1.0.2:beta3
cpe:2.3:a:openssl:openssl:1.0.2:beta2
cpe:2.3:a:openssl:openssl:1.0.2:beta1…
2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
156 -
6.8
MEDIUM Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote at… NVD-CWE-Other
CVE-2015-0209 cpe:2.3:a:openssl:openssl:1.0.2:*
cpe:2.3:a:openssl:openssl:1.0.1l:*
cpe:2.3:a:openssl:openssl:1.0.1k:*
cpe:2.…
0.9.8ze 2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
157 -
4.3
MEDIUM The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL poi… NVD-CWE-Other
CVE-2015-0208 cpe:2.3:a:openssl:openssl:1.0.2:beta3
cpe:2.3:a:openssl:openssl:1.0.2:beta2
cpe:2.3:a:openssl:openssl:1.0.2:beta1…
2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
158 -
5.0
MEDIUM The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of se… NVD-CWE-Other
CVE-2015-0207 cpe:2.3:a:openssl:openssl:1.0.2:beta3
cpe:2.3:a:openssl:openssl:1.0.2:beta2
cpe:2.3:a:openssl:openssl:1.0.2:beta1…
2024-11-21 11:22
2015-03-20
Show GitHub Exploit DB Packet Storm
159 -
5.0
MEDIUM Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2015-0206 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
2024-11-21 11:22
2015-01-9
Show GitHub Exploit DB Packet Storm
160 -
5.0
MEDIUM The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a Certific… CWE-310
Cryptographic Issues
CVE-2015-0205 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
2024-11-21 11:22
2015-01-9
Show GitHub Exploit DB Packet Storm