Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

271

CRITICAL

HIGH

MEDIUM

152

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	商用ライセンス有り Apache License v2.0 OpenSSL License Original SSLeay License オープンソース

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
241	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	20	25	2
242	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
243	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	35	64	10
244	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
245	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
246	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
247	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
248	New!! openssl 3	3.6.3	June 9, 2026			4	26	19	1
249	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
250	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	Update date Published date	Show Affected	Exploit PoC Search
241	7.5 7.8	HIGH Network	OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to cond…	CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	CVE-2008-0166	cpe:2.3:a:openssl:openssl::	0.9.8c-1	0.9.8g	2026-04-23 09:35 2008-05-14	Show	GitHub Exploit DB Packet Storm

242	- 9.3	HIGH	Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.	CWE-189 Numeric Errors	CVE-2007-4995	cpe:2.3:a:openssl:openssl:0.9.8e:* cpe:2.3:a:openssl:openssl:0.9.8d:* cpe:2.3:a:openssl:openssl:0.9.8c:* cpe:2…			2026-04-23 09:35 2007-10-13	Show	GitHub Exploit DB Packet Storm

243	- 6.8	MEDIUM	Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that trigger…	CWE-189 Numeric Errors	CVE-2007-5135	cpe:2.3:a:openssl:openssl:0.9.8f:* cpe:2.3:a:openssl:openssl:0.9.8e:* cpe:2.3:a:openssl:openssl:0.9.8d:* cpe:2…			2026-04-23 09:35 2007-09-28	Show	GitHub Exploit DB Packet Storm

244	- 1.2	LOW	The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attac…	NVD-CWE-Other	CVE-2007-3108	cpe:2.3:a:openssl:openssl::		0.9.8e	2026-04-23 09:35 2007-08-8	Show	GitHub Exploit DB Packet Storm

245	- 7.8	HIGH	OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improper…	CWE-399 Resource Management Errors	CVE-2006-2937	cpe:2.3:a:openssl:openssl:0.9.8c:* cpe:2.3:a:openssl:openssl:0.9.8b:* cpe:2.3:a:openssl:openssl:0.9.8a:* cpe:2…			2026-04-23 09:35 2006-09-29	Show	GitHub Exploit DB Packet Storm

246	- 7.8	HIGH	OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2…	CWE-399 Resource Management Errors	CVE-2006-2940	cpe:2.3:a:openssl:openssl:0.9.8c:* cpe:2.3:a:openssl:openssl:0.9.8b:* cpe:2.3:a:openssl:openssl:0.9.8a:* cpe:2…			2026-04-23 09:35 2006-09-29	Show	GitHub Exploit DB Packet Storm

247	- 10.0	HIGH	Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2006-3738	cpe:2.3:a:openssl:openssl:0.9.8c:* cpe:2.3:a:openssl:openssl:0.9.8b:* cpe:2.3:a:openssl:openssl:0.9.8a:* cpe:2…			2026-04-23 09:35 2006-09-29	Show	GitHub Exploit DB Packet Storm

248	- 4.3	MEDIUM	The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via …	CWE-476 NULL Pointer Dereference	CVE-2006-4343	cpe:2.3:a:openssl:openssl:0.9.8c:* cpe:2.3:a:openssl:openssl:0.9.8b:* cpe:2.3:a:openssl:openssl:0.9.8a:* cpe:2…			2026-04-23 09:35 2006-09-29	Show	GitHub Exploit DB Packet Storm

249	- 4.3	MEDIUM	OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PK…	CWE-310 Cryptographic Issues	CVE-2006-4339	cpe:2.3:a:openssl:openssl:0.9.8b:* cpe:2.3:a:openssl:openssl:0.9.8a:* cpe:2.3:a:openssl:openssl:0.9.8:* cpe:2.…		0.9.7	2018-10-18 06:35 2006-09-6	Show	GitHub Exploit DB Packet Storm

250	- 5.0	MEDIUM	The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preven…	NVD-CWE-Other	CVE-2005-2969	cpe:2.3:a:openssl:openssl:0.9.8:* cpe:2.3:a:openssl:openssl:0.9.7g:* cpe:2.3:a:openssl:openssl:0.9.7f:* cpe:2.…			2018-05-3 10:29 2005-10-19	Show	GitHub Exploit DB Packet Storm