Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
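Explanation OpenSSL is software implementing the SSL and TLS protocols that is developed and distributed as open source.

From version 3 onward it is licensed under the Apache License 2.0; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For one specific version that has reached end of support (1.0.2), a paid plan is available for receiving security updates.

On Linux and other Unix-like operating systems it is installed by default, and in most cases it is updated to a newer version automatically through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example when only an OpenSSL release whose support has ended can be used.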
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Release description and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 OpenSSL Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support / Service Pack Support Extended (for a fee) Critical High Medium Low
181 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
182 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
183 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
184 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
185 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
186 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
187 openssl a.00(LTS) a.00.09.07l 0 0 0 0
188 openssl 3 3.6.2 April 7, 2026 3 21 16 0
189 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
190 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
181 -
5.0
MEDIUM The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application cra… CWE-399
 Resource Management Errors
CVE-2012-1165 cpe:2.3:a:openssl:openssl:1.0.0g:*
cpe:2.3:a:openssl:openssl:1.0.0f:*
cpe:2.3:a:openssl:openssl:1.0.0e:*
cpe:2…
0.9.8t 2024-11-21 10:36
2012-03-16
182 -
5.0
MEDIUM The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for conte… CWE-310
Cryptographic Issues
CVE-2012-0884 cpe:2.3:a:openssl:openssl:1.0.0g:*
cpe:2.3:a:openssl:openssl:1.0.0f:*
cpe:2.3:a:openssl:openssl:1.0.0e:*
cpe:2…
0.9.8t 2024-11-21 10:35
2012-03-13
183 -
5.0
MEDIUM The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S… NVD-CWE-Other
CVE-2006-7250 cpe:2.3:a:openssl:openssl:0.9.8s:*
cpe:2.3:a:openssl:openssl:0.9.8r:*
cpe:2.3:a:openssl:openssl:0.9.8q:*
cpe:2…
0.9.8t 2024-11-21 09:24
2012-02-29
184 -
5.8
MEDIUM crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular redu… CWE-310
Cryptographic Issues
CVE-2011-4354 cpe:2.3:a:openssl:openssl:0.9.8f:*
cpe:2.3:a:openssl:openssl:0.9.8e:*
cpe:2.3:a:openssl:openssl:0.9.8d:*
cpe:2…
0.9.8g 2024-11-21 10:32
2012-01-27
185 -
5.0
MEDIUM OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NO… CWE-399
 Resource Management Errors
CVE-2012-0050 cpe:2.3:a:openssl:openssl:1.0.0f:*
cpe:2.3:a:openssl:openssl:0.9.8s:*
2024-11-21 10:34
2012-01-20
186 -
5.0
MEDIUM The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d… CWE-399
 Resource Management Errors
CVE-2012-0027 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
1.0.0e 2024-11-21 10:34
2012-01-6
187 -
5.0
MEDIUM The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of servi… CWE-399
 Resource Management Errors
CVE-2011-4619 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
0.9.8r
1.0.0e
2024-11-21 10:32
2012-01-6
188 -
4.3
MEDIUM OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate… CWE-399
 Resource Management Errors
CVE-2011-4577 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
0.9.8r
1.0.0e
2024-11-21 10:32
2012-01-6
189 -
5.0
MEDIUM The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive… CWE-310
Cryptographic Issues
CVE-2011-4576 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
0.9.8r
1.0.0e
2024-11-21 10:32
2012-01-6
190 -
9.3
HIGH Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. CWE-399
 Resource Management Errors
CVE-2011-4109 cpe:2.3:a:openssl:openssl:0.9.8r:*
cpe:2.3:a:openssl:openssl:0.9.8q:*
cpe:2.3:a:openssl:openssl:0.9.8p:*
cpe:2…
2024-11-21 10:31
2012-01-6