Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
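Explanation OpenSSL is software, developed and provided as open source, that implements the SSL and TLS protocols.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that is out of support (1.0.2), there is a plan for receiving security updates, although it comes at a cost.

On Linux and other Unix-like OSes it is installed by default, and in most cases it is automatically updated to a newer version through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.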
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 Git repository of openssl https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support/Service Pack Support Extended for a fee Critical High Medium Low
161 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
162 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
163 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
164 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
165 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
166 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
167 openssl a.00(LTS) a.00.09.07l 0 0 0 0
168 openssl 3 3.6.3 June 9, 2026 4 26 19 1
169 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
170 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3/CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date/Published date Show Affected Exploit PoC Search
161 -
4.3
MEDIUM The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and fa… CWE-310
Cryptographic Issues
CVE-2015-0204 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
0.9.8zc 2024-11-21 11:22
2015-01-9
162 -
5.0
MEDIUM OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-… CWE-310
Cryptographic Issues
CVE-2014-8275 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
0.9.8zc 2024-11-21 11:18
2015-01-9
163 -
5.0
MEDIUM The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigge… CWE-310
Cryptographic Issues
CVE-2014-3572 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
0.9.8zc 2024-11-21 11:08
2015-01-9
164 -
5.0
MEDIUM OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message t… NVD-CWE-Other
CVE-2014-3571 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
0.9.8zc 2024-11-21 11:08
2015-01-9
165 -
5.0
MEDIUM The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attac… CWE-310
Cryptographic Issues
CVE-2014-3570 cpe:2.3:a:openssl:openssl:1.0.1j:*
cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2…
0.9.8zc 2024-11-21 11:08
2015-01-9
166 -
5.0
MEDIUM The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denia… NVD-CWE-Other
CVE-2014-3569 cpe:2.3:a:openssl:openssl:1.0.1j:* 2024-11-21 11:08
2014-12-24
167 -
4.3
MEDIUM OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SS… CWE-310
Cryptographic Issues
CVE-2014-3568 cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2…
0.9.8zb 2024-11-21 11:08
2014-10-19
168 -
7.1
HIGH Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consump… CWE-20
CWE-399
 Improper Input Validation 
 Resource Management Errors
CVE-2014-3567 cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2…
0.9.8zb 2024-11-21 11:08
2014-10-19
169 -
7.1
HIGH Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. CWE-20
 Improper Input Validation 
CVE-2014-3513 cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2…
2024-11-21 11:08
2014-10-19
170 3.4
4.3
LOW
Network
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad… CWE-310
Cryptographic Issues
CVE-2014-3566 cpe:2.3:a:openssl:openssl:1.0.1i:*
cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2…
2024-11-21 11:08
2014-10-15