Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

253

CRITICAL

HIGH

MEDIUM

146

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	Original SSLeay License オープンソース商用ライセンス有り Apache License v2.0 OpenSSL License

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
171	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	16	24	2
172	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
173	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	31	63	10
174	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
175	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
176	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
177	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
178	openssl 3	3.6.2	April 7, 2026			3	21	16	0
179	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
180	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	Update date Published date	Show Affected	Exploit PoC Search
171	- 5.8	MEDIUM	The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t…	CWE-310 Cryptographic Issues	CVE-2013-6450	cpe:2.3:a:openssl:openssl:1.0.1e:* cpe:2.3:a:openssl:openssl:1.0.1d:* cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2…			2024-11-21 10:59 2014-01-2	Show	GitHub Exploit DB Packet Storm

172	- 4.3	MEDIUM	The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (…	CWE-310 Cryptographic Issues	CVE-2013-6449	cpe:2.3:a:openssl:openssl:1.0.1d:* cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2…		1.0.1e	2024-11-21 10:59 2013-12-24	Show	GitHub Exploit DB Packet Storm

173	- 2.6	LOW	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirem…	CWE-310 Cryptographic Issues	CVE-2013-0169	cpe:2.3:a:openssl:openssl::	1.0.0 0.9.8 1.0.1	1.0.0j 0.9.8x 1.0.1d	2024-11-21 10:46 2013-02-9	Show	GitHub Exploit DB Packet Storm

174	- 5.0	MEDIUM	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service …	CWE-310 Cryptographic Issues	CVE-2013-0166	cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2.3:a:openssl:openssl:1.0.1a:* cpe:2…			2024-11-21 10:46 2013-02-9	Show	GitHub Exploit DB Packet Storm

175	- 5.0	MEDIUM	crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application cr…	CWE-310 Cryptographic Issues	CVE-2012-2686	cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2.3:a:openssl:openssl:1.0.1a:* cpe:2…			2024-11-21 10:39 2013-02-9	Show	GitHub Exploit DB Packet Storm

176	- 4.0	MEDIUM	The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obt…	CWE-310 Cryptographic Issues	CVE-2011-5095	cpe:2.3:a:openssl:openssl:0.9.8:*			2024-11-21 10:33 2012-06-21	Show	GitHub Exploit DB Packet Storm

177	- 5.0	MEDIUM	OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a d…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2011-1473	cpe:2.3:a:openssl:openssl:0.9.8x:* cpe:2.3:a:openssl:openssl:0.9.8w:* cpe:2.3:a:openssl:openssl:0.9.8v:* cpe:2…		0.9.8k	2024-11-21 10:26 2012-06-17	Show	GitHub Exploit DB Packet Storm

178	- 6.8	MEDIUM	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of serv…	CWE-189 Numeric Errors	CVE-2012-2333	cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2.3:a:openssl:openssl:1.0.1a:* cpe:2.3:a:openssl:openssl:1.0.1:beta3 cp…		0.9.8w	2024-11-21 10:38 2012-05-15	Show	GitHub Exploit DB Packet Storm

179	- 7.5	HIGH	Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly…	CWE-189 Numeric Errors	CVE-2012-2131	cpe:2.3:a:openssl:openssl:0.9.8v:*			2024-11-21 10:38 2012-04-25	Show	GitHub Exploit DB Packet Storm

180	- 7.5	HIGH	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2012-2110	cpe:2.3:a:openssl:openssl:1.0.1:beta2 cpe:2.3:a:openssl:openssl:1.0.1:beta1 cpe:2.3:a:openssl:openssl:1.0.0g:*		0.9.8u	2024-11-21 10:38 2012-04-20	Show	GitHub Exploit DB Packet Storm