Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

271

CRITICAL

HIGH

MEDIUM

152

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	OpenSSL License Original SSLeay License オープンソース商用ライセンス有り Apache License v2.0

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
221	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	20	25	2
222	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
223	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	35	64	10
224	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
225	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
226	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
227	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
228	New!! openssl 3	3.6.3	June 9, 2026			4	26	19	1
229	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
230	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	more than	less than	Update date Published date	Show Affected	Exploit PoC Search
221	- 5.0	MEDIUM	The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a N…	CWE-20 Improper Input Validation	CVE-2010-0740	cpe:2.3:a:openssl:openssl:0.9.8m:* cpe:2.3:a:openssl:openssl:0.9.8l:* cpe:2.3:a:openssl:openssl:0.9.8k:* cpe:2…					2023-11-7 11:05 2010-03-27	Show	GitHub Exploit DB Packet Storm

222	- 10.0	HIGH	OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, wh…	CWE-20 Improper Input Validation	CVE-2009-3245	cpe:2.3:a:openssl:openssl:0.9.8k:* cpe:2.3:a:openssl:openssl:0.9.8j:* cpe:2.3:a:openssl:openssl:0.9.8i:* cpe:2…		0.9.8l			2017-09-19 10:29 2010-03-6	Show	GitHub Exploit DB Packet Storm

223	- 4.3	MEDIUM	The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which …	CWE-20 Improper Input Validation	CVE-2010-0433	cpe:2.3:a:openssl:openssl:0.9.8l:* cpe:2.3:a:openssl:openssl:0.9.8k:* cpe:2.3:a:openssl:openssl:0.9.8j:* cpe:2…		0.9.8m			2023-02-13 13:16 2010-03-6	Show	GitHub Exploit DB Packet Storm

224	- 4.0	MEDIUM	OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signatu…	CWE-310 Cryptographic Issues	CVE-2010-0928	cpe:2.3:a:openssl:openssl:0.9.8i:*					2023-11-7 11:05 2010-03-6	Show	GitHub Exploit DB Packet Storm

225	- 5.0	MEDIUM	Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consu…	CWE-399 Resource Management Errors	CVE-2009-4355	cpe:2.3:a:openssl:openssl:1.0.0:beta4 cpe:2.3:a:openssl:openssl:1.0.0:beta3 cpe:2.3:a:openssl:openssl:1.0.0:beta2…		0.9.8l			2026-04-23 09:35 2010-01-15	Show	GitHub Exploit DB Packet Storm

226	- 5.8	MEDIUM	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…	CWE-295 Improper Certificate Validation	CVE-2009-3555	cpe:2.3:a:openssl:openssl:1.0:* cpe:2.3:a:openssl:openssl::		0.9.8k			2026-04-23 09:35 2009-11-10	Show	GitHub Exploit DB Packet Storm

227	- 5.1	MEDIUM	The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, whi…	CWE-295 Improper Certificate Validation	CVE-2009-2409	cpe:2.3:a:openssl:openssl::	0.9.8	0.9.8k			2026-04-23 09:35 2009-07-31	Show	GitHub Exploit DB Packet Storm

228	- 5.0	MEDIUM	The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an o…	CWE-476 NULL Pointer Dereference	CVE-2009-1387	cpe:2.3:a:openssl:openssl::	0.9.8			0.9.8m	2026-04-23 09:35 2009-06-5	Show	GitHub Exploit DB Packet Storm

229	- 5.0	MEDIUM	ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHell…	CWE-476 NULL Pointer Dereference	CVE-2009-1386	cpe:2.3:a:openssl:openssl::			0.9.8	0.9.8i	2026-04-23 09:35 2009-06-5	Show	GitHub Exploit DB Packet Storm

230	- 5.0	MEDIUM	Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) an…	CWE-399 Resource Management Errors	CVE-2009-1379	cpe:2.3:a:openssl:openssl:1.0.0:beta2					2026-04-23 09:35 2009-05-20	Show	GitHub Exploit DB Packet Storm