Software Detail
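openssl: Number of NVD entries 271 (CRITICAL 16, HIGH 87, MEDIUM 152, LOW 16)
URL https://www.openssl.org/
Explanation OpenSSL is software, developed and distributed as open source, that implements the SSL and TLS protocols.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a paid plan that provides security updates.

It is installed by default on Linux and other Unix-like operating systems, and in most cases it is automatically updated to a newer version through OS updates.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.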
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
211 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
212 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
213 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
214 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
215 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
216 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
217 openssl a.00(LTS) a.00.09.07l 0 0 0 0
218 New!! openssl 3 3.6.3 June 9, 2026 4 26 19 1
219 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
220 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
211 -
5.0
MEDIUM crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value co… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-3207 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
2024-11-21 10:29
2011-09-22
212 -
2.6
LOW The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly … CWE-310
Cryptographic Issues
CVE-2011-1945 cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2…
1.0.0d 2024-11-21 10:27
2011-06-1
213 -
5.0
MEDIUM ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use… CWE-399
 Resource Management Errors
CVE-2011-0014 cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2…
2024-11-21 10:23
2011-02-19
214 -
4.3
MEDIUM OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use o… CWE-310
Cryptographic Issues
CVE-2008-7270 cpe:2.3:a:openssl:openssl:0.9.8h:*
cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
cpe:2…
0.9.8i 2024-11-21 09:58
2010-12-7
215 -
7.5
HIGH OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared se… CWE-287
Improper Authentication
CVE-2010-4252 cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5
cpe:2.3:a:openssl:openssl:1.0.0:beta4
1.0.0b 2024-11-21 10:20
2010-12-7
216 -
4.3
MEDIUM OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows r… NVD-CWE-noinfo
CVE-2010-4180 cpe:2.3:a:openssl:openssl:*:* 1.0.0


1.0.0c
0.9.8q
2024-11-21 10:20
2010-12-7
217 -
7.6
HIGH Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to ex… CWE-362
Race Condition
CVE-2010-3864 cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2.3:a:openssl:openssl:1.0.0:*
cpe:2.3:a:openssl:openssl:0.9.8o:*
cpe:2.…
2024-11-21 10:19
2010-11-18
218 -
4.3
MEDIUM Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dep… CWE-399
 Resource Management Errors
CVE-2010-2939 cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2.3:a:openssl:openssl:0.9.8:*
cpe:2.3:a:openssl:openssl:0.9.7:*
2024-11-21 10:17
2010-08-18
219 -
7.5
HIGH The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which al… CWE-310
Cryptographic Issues
CVE-2010-0742 cpe:2.3:a:openssl:openssl:1.0.0:beta5
cpe:2.3:a:openssl:openssl:1.0.0:beta4
cpe:2.3:a:openssl:openssl:1.0.0:beta3…
0.9.8n 2017-09-19 10:30
2010-06-3
220 -
6.4
MEDIUM RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which mi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-1633 cpe:2.3:a:openssl:openssl:1.0.0:beta5
cpe:2.3:a:openssl:openssl:1.0.0:beta4
cpe:2.3:a:openssl:openssl:1.0.0:beta3…
2023-11-7 11:05
2010-06-3