Software Detail
openssl: Number Of NVD 271 (CRITICAL 16, HIGH 87, MEDIUM 152, LOW 16)
URL https://www.openssl.org/
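Explanation OpenSSL is software, developed and distributed as open source, that implements the SSL and TLS protocols.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For one specific version that has reached end of support (1.0.2), a paid plan is available for receiving security updates.

On Linux and other Unix-like operating systems it is installed by default, and in most cases it is updated to a newer version automatically through OS updates and the like.
On older OS versions, security problems can arise, for example when only an OpenSSL version whose support has ended can be used.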
Tag
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended for a fee | Critical | High | Medium | Low
191 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
192 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
193 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
194 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
195 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
196 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
197 openssl a.00(LTS) a.00.09.07l 0 0 0 0
198 openssl 3 3.6.3 June 9, 2026 4 26 19 1
199 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
200 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date
191 -
2.6
LOW The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirem… CWE-310
Cryptographic Issues
CVE-2013-0169 cpe:2.3:a:openssl:openssl:*:* 1.0.0
0.9.8
1.0.1
1.0.0j
0.9.8x
1.0.1d




2024-11-21 10:46
2013-02-9
192 -
5.0
MEDIUM OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service … CWE-310
Cryptographic Issues
CVE-2013-0166 cpe:2.3:a:openssl:openssl:1.0.1c:*
cpe:2.3:a:openssl:openssl:1.0.1b:*
cpe:2.3:a:openssl:openssl:1.0.1a:*
cpe:2…
2024-11-21 10:46
2013-02-9
193 -
5.0
MEDIUM crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application cr… CWE-310
Cryptographic Issues
CVE-2012-2686 cpe:2.3:a:openssl:openssl:1.0.1c:*
cpe:2.3:a:openssl:openssl:1.0.1b:*
cpe:2.3:a:openssl:openssl:1.0.1a:*
cpe:2…
2024-11-21 10:39
2013-02-9
194 -
4.0
MEDIUM The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obt… CWE-310
Cryptographic Issues
CVE-2011-5095 cpe:2.3:a:openssl:openssl:0.9.8:* 2024-11-21 10:33
2012-06-21
195 -
5.0
MEDIUM OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a d… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1473 cpe:2.3:a:openssl:openssl:0.9.8x:*
cpe:2.3:a:openssl:openssl:0.9.8w:*
cpe:2.3:a:openssl:openssl:0.9.8v:*
cpe:2…
0.9.8k 2024-11-21 10:26
2012-06-17
196 -
6.8
MEDIUM Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of serv… CWE-189
Numeric Errors
CVE-2012-2333 cpe:2.3:a:openssl:openssl:1.0.1b:*
cpe:2.3:a:openssl:openssl:1.0.1a:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3
cp…
0.9.8w 2024-11-21 10:38
2012-05-15
197 -
7.5
HIGH Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly… CWE-189
Numeric Errors
CVE-2012-2131 cpe:2.3:a:openssl:openssl:0.9.8v:* 2024-11-21 10:38
2012-04-25
198 -
7.5
HIGH The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2012-2110 cpe:2.3:a:openssl:openssl:1.0.1:beta2
cpe:2.3:a:openssl:openssl:1.0.1:beta1
cpe:2.3:a:openssl:openssl:1.0.0g:*
0.9.8u 2024-11-21 10:38
2012-04-20
199 -
5.0
MEDIUM The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application cra… CWE-399
Resource Management Errors
CVE-2012-1165 cpe:2.3:a:openssl:openssl:1.0.0g:*
cpe:2.3:a:openssl:openssl:1.0.0f:*
cpe:2.3:a:openssl:openssl:1.0.0e:*
cpe:2…
0.9.8t 2024-11-21 10:36
2012-03-16
200 -
5.0
MEDIUM The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for conte… CWE-310
Cryptographic Issues
CVE-2012-0884 cpe:2.3:a:openssl:openssl:1.0.0g:*
cpe:2.3:a:openssl:openssl:1.0.0f:*
cpe:2.3:a:openssl:openssl:1.0.0e:*
cpe:2…
0.9.8t 2024-11-21 10:35
2012-03-13