Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
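Explanation OpenSSL is software that implements the SSL and TLS protocols and is developed and distributed as open source.

From version 3 onward it is licensed under the Apache License 2.0; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a paid plan that provides security updates.

It is installed by default on Linux and other Unix-like operating systems, and in most cases it is updated to a newer version automatically through OS updates.
On older OS versions, security problems can arise, for example when only an OpenSSL release that is no longer supported can be used.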
Tag
  • Original SSLeay License
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License

Add Information URL
No Type Name URL
1 Release strategy and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 OpenSSL Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
91 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
92 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
93 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
94 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
95 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
96 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
97 openssl a.00(LTS) a.00.09.07l 0 0 0 0
98 openssl 3 3.6.2 April 7, 2026 3 21 16 0
99 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
100 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
91 7.5
5.0
HIGH
Network
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial …
CWE-399 Resource Management Errors
CVE-2016-2179
cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-09-16
92 7.5
5.0
HIGH
Network
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for re…
CWE-200 Information Exposure
CVE-2016-2183
cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.3:a:openssl:openssl:1.0.2e:*
cpe:2…
2024-11-21 11:47
2016-09-1
93 7.5
5.0
HIGH
Network
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial…
CWE-125 Out-of-bounds Read
CVE-2016-2180
cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-08-1
94 5.5
2.1
MEDIUM
Local
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA pr…
CWE-203 Information Exposure Through Discrepancy
CVE-2016-2178
cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-06-20
95 9.8
7.5
CRITICAL
Network
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or…
CWE-190 Integer Overflow or Wraparound
CVE-2016-2177
cpe:2.3:a:openssl:openssl:1.0.2h:*
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2…
2024-11-21 11:47
2016-06-20
96 8.2
6.4
HIGH
Network
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a …
CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE-2016-2176
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.3:a:openssl:openssl:1.0.2e:*
cpe:2…
1.0.1s 2024-11-21 11:47
2016-05-5
97 7.5
7.8
HIGH
Network
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory …
CWE-399 Resource Management Errors
CVE-2016-2109
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.3:a:openssl:openssl:1.0.2e:*
cpe:2…
1.0.1s 2024-11-21 11:47
2016-05-5
98 7.5
5.0
HIGH
Network
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruptio…
CWE-189 Numeric Errors
CVE-2016-2106
cpe:2.3:a:openssl:openssl:1.0.2g:*
cpe:2.3:a:openssl:openssl:1.0.2f:*
cpe:2.3:a:openssl:openssl:1.0.2e:*
cpe:2…
1.0.1s 2024-11-21 11:47
2016-05-5
99 7.5
5.0
HIGH
Network
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection…
CWE-310 Cryptographic Issues
CVE-2000-1254
cpe:2.3:a:openssl:openssl:*:*
0.9.5 2024-11-21 08:34
2016-05-5
100 9.8
10.0
CRITICAL
Network
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via a…
CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE-2016-2108
cpe:2.3:a:openssl:openssl:1.0.2b:*
cpe:2.3:a:openssl:openssl:1.0.2a:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3
cp…
1.0.1n 2024-11-21 11:47
2016-05-5