Software Detail
openssl Number Of NVD: 271 (CRITICAL 16, HIGH 87, MEDIUM 152, LOW 16)
URL https://www.openssl.org/
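Explanation OpenSSL is software, developed and provided as open source, that implements the SSL and TLS protocols.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a paid plan for receiving security updates.

On Linux and other Unix-like operating systems it is installed by default, and in most cases it is updated to a new version automatically through OS updates and the like.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.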
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
261 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
262 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
263 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
264 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
265 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
266 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
267 openssl a.00(LTS) a.00.09.07l 0 0 0 0
268 New!! openssl 3 3.6.3 June 9, 2026 4 26 19 1
269 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
270 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
261 9.8
10.0
CRITICAL
Network
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 … CWE-415
 Double Free
CVE-2003-0545 cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6:*
2024-02-3 00:23
2003-11-17
262 -
5.0
MEDIUM OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra red… NVD-CWE-Other
CVE-2003-0147 cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6i:*
cpe:2.…
2018-10-20 00:29
2003-03-31
263 -
7.5
HIGH The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses… NVD-CWE-Other
CVE-2003-0131 cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6i:*
cpe:2.…
2018-10-20 00:29
2003-03-24
264 -
5.0
MEDIUM ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing… CWE-203
 Information Exposure Through Discrepancy
CVE-2003-0078 cpe:2.3:a:openssl:openssl:0.9.7:beta6
cpe:2.3:a:openssl:openssl:0.9.7:beta5
cpe:2.3:a:openssl:openssl:0.9.7:beta4…
0.9.6i 2024-02-15 00:07
2003-03-3
265 -
7.5
HIGH OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and p… NVD-CWE-Other
CVE-2002-0655 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
cpe:2.3:a:openssl:openssl:0.9.6d:*
2008-09-11 04:12
2002-08-12
266 -
7.5
HIGH Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SS… NVD-CWE-Other
CVE-2002-0656 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
cpe:2.3:a:openssl:openssl:0.9.6d:*
2008-09-11 04:12
2002-08-12
267 -
7.5
HIGH Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. NVD-CWE-Other
CVE-2002-0657 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
2008-09-11 04:12
2002-08-12
268 -
5.0
MEDIUM The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. NVD-CWE-Other
CVE-2002-0659 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
cpe:2.3:a:openssl:openssl:0.9.6d:*
2008-09-11 04:12
2002-08-12
269 -
5.0
MEDIUM The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be use… NVD-CWE-Other
CVE-2001-1141 cpe:2.3:a:openssl:openssl:0.9.6a:*
cpe:2.3:a:openssl:openssl:0.9.6:*
cpe:2.3:a:openssl:openssl:0.9.5:*
cpe:2.3…
2017-10-10 10:30
2001-07-10
270 -
5.0
MEDIUM OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak … NVD-CWE-Other
CVE-2000-0535 cpe:2.3:a:openssl:openssl:0.9.4:* 2008-09-11 04:05
2000-06-12