Software Detail
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
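Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

From version 3 onward it is released under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has gone out of support (1.0.2), there is a paid plan for receiving security updates.

It is installed by default on Linux and other Unix-like operating systems, and in most cases it is updated to a newer version automatically through OS updates and the like.
On older OS versions, security problems can arise, for example because only an OpenSSL release whose support has ended is available.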
Tag
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available
  • Apache License v2.0

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended for a fee, Critical, High, Medium, Low
231 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
232 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
233 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
234 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
235 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
236 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
237 openssl a.00(LTS) a.00.09.07l 0 0 0 0
238 New!! openssl 3 3.6.3 June 9, 2026 4 26 19 1
239 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
240 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
231 -
5.0
MEDIUM Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consum… CWE-401
 Missing Release of Memory after Effective Lifetime
CVE-2009-1378 cpe:2.3:a:openssl:openssl:*:* 0.9.8 0.9.8m 2026-04-23 09:35
2009-05-20
232 -
5.0
MEDIUM The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future e… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-1377 cpe:2.3:a:openssl:openssl:*:* 0.9.8 0.9.8m 2026-04-23 09:35
2009-05-20
233 -
5.0
MEDIUM OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and … CWE-189
Numeric Errors
CVE-2009-0789 cpe:2.3:a:openssl:openssl:0.9.8i:*
cpe:2.3:a:openssl:openssl:0.9.8h:*
cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2…
0.9.8j 2026-04-23 09:35
2009-03-28
234 -
2.6
LOW The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate … CWE-287
Improper Authentication
CVE-2009-0591 cpe:2.3:a:openssl:openssl:0.9.8j:*
cpe:2.3:a:openssl:openssl:0.9.8i:*
cpe:2.3:a:openssl:openssl:0.9.8h:*
2026-04-23 09:35
2009-03-28
235 -
5.0
MEDIUM The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-0590 cpe:2.3:a:openssl:openssl:*:* 0.9.8k 2026-04-23 09:35
2009-03-28
236 -
7.5
HIGH OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-mid… CWE-287
Improper Authentication
CVE-2009-0653 cpe:2.3:a:openssl:openssl:0.9.6:* 2026-04-23 09:35
2009-02-21
237 -
5.8
MEDIUM OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/… CWE-20
 Improper Input Validation 
CVE-2008-5077 cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
cpe:2.3:a:openssl:openssl:0.9.8e:*
cpe:2…
0.9.8h 2026-04-23 09:35
2009-01-8
238 -
5.0
MEDIUM Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multipl… CWE-399
 Resource Management Errors
CVE-2008-1678 cpe:2.3:a:openssl:openssl:0.9.8h:*
cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
2026-04-23 09:35
2008-07-11
239 -
4.3
MEDIUM Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello pack… CWE-189
Numeric Errors
CVE-2008-0891 cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
2026-04-23 09:35
2008-05-30
240 -
4.3
MEDIUM OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which trigge… CWE-476
 NULL Pointer Dereference
CVE-2008-1672 cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
2026-04-23 09:35
2008-05-30