Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

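From version 3 onward it is under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), a plan for receiving security updates is available for a fee.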

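It is installed by default on Linux and other Unix-like operating systems, and in most cases it is automatically updated to a newer version through OS updates and the like.
On older OS versions, security problems can arise, for example when only an OpenSSL version whose support has ended can be used.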
Tag
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
171 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
172 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
173 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
174 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
175 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
176 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
177 openssl a.00(LTS) a.00.09.07l 0 0 0 0
178 openssl 3 3.6.3 June 9, 2026 4 26 19 1
179 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
180 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
171 -
4.3
MEDIUM The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a Se… NVD-CWE-Other
CVE-2014-5139 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:11
2014-08-14
172 -
7.5
HIGH Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have uns… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2014-3512 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
173 -
4.3
MEDIUM The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in comm… NVD-CWE-noinfo
CVE-2014-3511 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
174 -
4.3
MEDIUM The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL poi… NVD-CWE-Other
CVE-2014-3510 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
175 -
6.8
MEDIUM Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL … CWE-362
Race Condition
CVE-2014-3509 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
176 -
4.3
MEDIUM The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' … CWE-200
Information Exposure
CVE-2014-3508 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
177 -
5.0
MEDIUM Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumpt… CWE-399
 Resource Management Errors
CVE-2014-3507 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
178 -
5.0
MEDIUM d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafte… CWE-399
 Resource Management Errors
CVE-2014-3506 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
179 -
5.0
MEDIUM Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (a… NVD-CWE-Other
CVE-2014-3505 cpe:2.3:a:openssl:openssl:1.0.1h:*
cpe:2.3:a:openssl:openssl:1.0.1g:*
cpe:2.3:a:openssl:openssl:1.0.1f:*
cpe:2…
2024-11-21 11:08
2014-08-14
180 -
4.3
MEDIUM The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t… CWE-476
 NULL Pointer Dereference
CVE-2014-3470 cpe:2.3:a:openssl:openssl:*:* or higher: 1.0.0, 1.0.1; less than: 1.0.0m, 1.0.1h, 0.9.8za
2024-11-21 11:08
2014-06-6