Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
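Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

From version 3 it is released under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a paid plan for receiving security updates.

It is installed by default on Linux and other Unix-like OSes, and in most cases it is updated to a newer version automatically through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.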
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
1 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
2 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
3 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
4 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
5 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
6 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
7 openssl a.00(LTS) a.00.09.07l 0 0 0 0
8 openssl 3 3.6.2 April 7, 2026 3 21 16 0
9 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
10 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
1 CVSS3: 7.5, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitial…
CWE: CWE-754 Improper Check for Unusual or Exceptional Conditions
CVE: CVE-2026-31790
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 3.0.0 or higher, less than 3.0.20; 3.3.0 or higher, less than 3.3.7; 3.4.0 or higher, less than 3.4.5; 3.5.0 or higher, less than 3.5.6; 3.6.0 or higher, less than 3.6.2
Update date: 2026-04-24 00:39
Published date: 2026-04-8
2 CVSS3: 9.8, CVSS2: -, Level: CRITICAL, Attack Vector: Network
Title: Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…
CWE: CWE-787 Out-of-bounds Write
CVE: CVE-2026-31789
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 3.0.0 or higher, less than 3.0.20; 3.3.0 or higher, less than 3.3.7; 3.4.0 or higher, less than 3.4.5; 3.5.0 or higher, less than 3.5.6; 3.6.0 or higher, less than 3.6.2
Update date: 2026-04-24 00:39
Published date: 2026-04-8
3 CVSS3: 7.5, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-contr…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2026-28390
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 1.0.2 or higher, less than 1.0.2zp; 1.1.1 or higher, less than 1.1.1zg; 3.0.0 or higher, less than 3.0.20; 3.3.0 or higher, less than 3.3.7; 3.4.0 or higher, less than 3.4.5; 3.5.0 or higher, less than 3.5.6; 3.6.0 or higher, less than 3.6.2
Update date: 2026-04-24 00:39
Published date: 2026-04-8
4 CVSS3: 7.5, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlle…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2026-28389
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 1.0.2 or higher, less than 1.0.2zp; 1.1.1 or higher, less than 1.1.1zg; 3.0.0 or higher, less than 3.0.20; 3.3.0 or higher, less than 3.3.7; 3.4.0 or higher, less than 3.4.5; 3.5.0 or higher, less than 3.5.6; 3.6.0 or higher, less than 3.6.2
Update date: 2026-04-24 00:40
Published date: 2026-04-8
5 CVSS3: 7.5, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A …
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2026-28388
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 1.0.2 or higher, less than 1.0.2zp; 1.1.1 or higher, less than 1.1.1zg; 3.0.0 or higher, less than 3.0.20; 3.3.0 or higher, less than 3.3.7; 3.4.0 or higher, less than 3.4.5; 3.5.0 or higher, less than 3.5.6; 3.6.0 or higher, less than 3.6.2
Update date: 2026-04-24 00:40
Published date: 2026-04-8
6 CVSS3: 8.1, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-…
CWE: CWE-416 Use After Free
CVE: CVE-2026-28387
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 1.1.1 or higher, less than 1.1.1zg; 3.0.0 or higher, less than 3.0.20; 3.3.0 or higher, less than 3.3.7; 3.4.0 or higher, less than 3.4.5; 3.5.0 or higher, less than 3.5.6; 3.6.0 or higher, less than 3.6.2
Update date: 2026-04-24 00:39
Published date: 2026-04-8
7 CVSS3: 9.1, CVSS2: -, Level: CRITICAL, Attack Vector: Network
Title: Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher block…
CWE: CWE-125 Out-of-bounds Read
CVE: CVE-2026-28386
cpe23Uri: cpe:2.3:a:openssl:openssl:*:* 3.6.0 3.6.2
Update date: 2026-04-25 03:28
Published date: 2026-04-8
8 CVSS3: 5.5, CVSS2: -, Level: MEDIUM, Attack Vector: Local
Title: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 forma…
CWE: NVD-CWE-noinfo
CVE: CVE-2024-0727
cpe23Uri: cpe:2.3:a:openssl:openssl:3.2.0:-
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 1.0.2 or higher, less than 1.0.2zj; 1.1.1 or higher, less than 1.1.1x; 3.0.0 or higher, less than 3.0.13; 3.1.0 or higher, less than 3.1.5
Update date: 2024-11-21 17:47
Published date: 2024-01-26
9 CVSS3: 6.5, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU pro…
CWE: CWE-787 Out-of-bounds Write
CVE: CVE-2023-6129
cpe23Uri: cpe:2.3:a:openssl:openssl:3.2.0:*
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 3.1.0 or higher, 3.1.4 or less; 3.0.0 or higher, 3.0.12 or less
Update date: 2024-11-21 17:43
Published date: 2024-01-10
10 CVSS3: 5.3, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_ke…
CWE: CWE-754 Improper Check for Unusual or Exceptional Conditions
CVE: CVE-2023-5678
cpe23Uri: cpe:2.3:a:openssl:openssl:*:*
Versions: 1.0.2 or higher, less than 1.0.2zj; 1.1.1 or higher, less than 1.1.1x; 3.0.0 or higher, less than 3.0.13; 3.1.0 or higher, less than 3.1.5
Update date: 2024-11-21 17:42
Published date: 2023-11-7