Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

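From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that is out of support (1.0.2), there is a plan, available for a fee, to receive security updates.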

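On Unix-like operating systems such as Linux it is installed by default, and in most cases it is updated automatically to a newer version through OS updates.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.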
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 OpenSSL Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
201 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
202 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
203 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
204 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
205 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
206 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
207 openssl a.00(LTS) a.00.09.07l 0 0 0 0
208 New!! openssl 3 3.6.3 June 9, 2026 4 26 19 1
209 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
210 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date Show Affected Exploit PoC
201 -
5.0
MEDIUM The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S… NVD-CWE-Other
CVE-2006-7250 cpe:2.3:a:openssl:openssl:0.9.8s:*
cpe:2.3:a:openssl:openssl:0.9.8r:*
cpe:2.3:a:openssl:openssl:0.9.8q:*
cpe:2…
0.9.8t 2024-11-21 09:24
2012-02-29
202 -
5.8
MEDIUM crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular redu… CWE-310
Cryptographic Issues
CVE-2011-4354 cpe:2.3:a:openssl:openssl:0.9.8f:*
cpe:2.3:a:openssl:openssl:0.9.8e:*
cpe:2.3:a:openssl:openssl:0.9.8d:*
cpe:2…
0.9.8g 2024-11-21 10:32
2012-01-27
203 -
5.0
MEDIUM OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NO… CWE-399
 Resource Management Errors
CVE-2012-0050 cpe:2.3:a:openssl:openssl:1.0.0f:*
cpe:2.3:a:openssl:openssl:0.9.8s:*
2024-11-21 10:34
2012-01-20
204 -
5.0
MEDIUM The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d… CWE-399
 Resource Management Errors
CVE-2012-0027 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
1.0.0e 2024-11-21 10:34
2012-01-6
205 -
5.0
MEDIUM The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of servi… CWE-399
 Resource Management Errors
CVE-2011-4619 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…

0.9.8r
1.0.0e


2024-11-21 10:32
2012-01-6
206 -
4.3
MEDIUM OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate… CWE-399
 Resource Management Errors
CVE-2011-4577 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…

0.9.8r
1.0.0e


2024-11-21 10:32
2012-01-6
207 -
5.0
MEDIUM The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive… CWE-310
Cryptographic Issues
CVE-2011-4576 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…

0.9.8r
1.0.0e


2024-11-21 10:32
2012-01-6
208 -
9.3
HIGH Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. CWE-399
 Resource Management Errors
CVE-2011-4109 cpe:2.3:a:openssl:openssl:0.9.8r:*
cpe:2.3:a:openssl:openssl:0.9.8q:*
cpe:2.3:a:openssl:openssl:0.9.8p:*
cpe:2…
2024-11-21 10:31
2012-01-6
209 -
4.3
MEDIUM The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a pad… CWE-310
Cryptographic Issues
CVE-2011-4108 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…

0.9.8r
1.0.0e


2024-11-21 10:31
2012-01-6
210 -
5.0
MEDIUM The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows r… CWE-399
 Resource Management Errors
CVE-2011-3210 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
2024-11-21 10:29
2011-09-22