Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
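Explanation OpenSSL is software for the SSL and TLS protocols that is developed and provided as open source.

From version 3 onward it is under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that is out of support (1.0.2), there is a plan, available for a fee, to receive security updates.

On Linux and other Unix-like operating systems it is installed by default and is, in most cases, updated to a new version automatically through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example when only an OpenSSL version whose support has ended can be used.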
Tag
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
181 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
182 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
183 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
184 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
185 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
186 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
187 openssl a.00(LTS) a.00.09.07l 0 0 0 0
188 openssl 3 3.6.3 June 9, 2026 4 26 19 1
189 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
190 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
181 7.4
5.8
HIGH
Network
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z… CWE-326
Inadequate Encryption Strength
CVE-2014-0224 cpe:2.3:a:openssl:openssl:*:* 1.0.0
1.0.1




1.0.0m
1.0.1h
0.9.8za
2024-11-21 11:01
2014-06-6
182 -
4.3
MEDIUM The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client… NVD-CWE-noinfo
CVE-2014-0221 cpe:2.3:a:openssl:openssl:*:* 1.0.0
1.0.1
0.9.8




1.0.0m
1.0.1h
0.9.8za
2024-11-21 11:01
2014-06-6
183 -
6.8
MEDIUM The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, w… CWE-120
Classic Buffer Overflow
CVE-2014-0195 cpe:2.3:a:openssl:openssl:*:* 1.0.0
1.0.1
0.9.8




1.0.0m
1.0.1h
0.9.8za
2024-11-21 11:01
2014-06-6
184 -
4.3
MEDIUM The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows … CWE-476
NULL Pointer Dereference
CVE-2014-0198 cpe:2.3:a:openssl:openssl:*:* 1.0.0 1.0.1g 2024-11-21 11:01
2014-05-6
185 -
4.0
MEDIUM Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denia… CWE-362
Race Condition
CVE-2010-5298 cpe:2.3:a:openssl:openssl:*:* 1.0.1g 2024-11-21 10:22
2014-04-15
186 7.5
5.0
HIGH
Network
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process … CWE-125
Out-of-bounds Read
CVE-2014-0160 cpe:2.3:a:openssl:openssl:*:* 1.0.1 1.0.1g 2026-04-22 05:07
2014-04-8
187 -
1.9
LOW The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces… CWE-310
Cryptographic Issues
CVE-2014-0076 cpe:2.3:a:openssl:openssl:1.0.0k:*
cpe:2.3:a:openssl:openssl:1.0.0j:*
cpe:2.3:a:openssl:openssl:1.0.0i:*
cpe:2…
1.0.0l 2024-11-21 11:01
2014-03-25
188 -
4.3
MEDIUM The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next P… CWE-20
Improper Input Validation
CVE-2013-4353 cpe:2.3:a:openssl:openssl:1.0.1e:*
cpe:2.3:a:openssl:openssl:1.0.1d:*
cpe:2.3:a:openssl:openssl:1.0.1c:*
cpe:2…
2024-11-21 10:55
2014-01-9
189 -
5.8
MEDIUM The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t… CWE-310
Cryptographic Issues
CVE-2013-6450 cpe:2.3:a:openssl:openssl:1.0.1e:*
cpe:2.3:a:openssl:openssl:1.0.1d:*
cpe:2.3:a:openssl:openssl:1.0.1c:*
cpe:2…
2024-11-21 10:59
2014-01-2
190 -
4.3
MEDIUM The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (… CWE-310
Cryptographic Issues
CVE-2013-6449 cpe:2.3:a:openssl:openssl:1.0.1d:*
cpe:2.3:a:openssl:openssl:1.0.1c:*
cpe:2.3:a:openssl:openssl:1.0.1b:*
cpe:2…
1.0.1e 2024-11-21 10:59
2013-12-24