Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。

Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」 のダブルライセンスです。
サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。

LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。
古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag
  • Original SSLeay License
  • オープンソース
  • 商用ライセンス有り
  • Apache License v2.0
  • OpenSSL License

Add Information URL
No Type Name URL
1 リリースに関する説明とサポート終了バージョンについて https://www.openssl.org/policies/releasestrat.html
2 opensslのGit https://github.com/openssl/openssl
3 脆弱性情報のページ https://www.openssl.org/news/vulnerabilities.html
4 サポート契約 https://www.openssl.org/support/contracts.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
11 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
12 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
13 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
14 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
15 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
16 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
17 openssl a.00(LTS) a.00.09.07l 0 0 0 0
18 openssl 3 3.6.3 June 9, 2026 4 26 19 1
19 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
20 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
11 5.9
-
MEDIUM
Network
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application … CWE-476
 NULL Pointer Dereference
CVE-2026-42766 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.1
3.0.0
3.4.0
3.5.0
3.6.0










1.0.2zq
1.1.1zh
3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 03:25
2026-06-10
Show GitHub Exploit DB Packet Storm
12 7.5
-
HIGH
Network
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a … CWE-476
 NULL Pointer Dereference
CVE-2026-42765 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.6.0 3.6.3 2026-06-16 03:14
2026-06-10
Show GitHub Exploit DB Packet Storm
13 7.5
-
HIGH
Network
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer … CWE-476
 NULL Pointer Dereference
CVE-2026-42764 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.5.0
3.6.0


3.5.7
3.6.3
2026-06-16 03:25
2026-06-10
Show GitHub Exploit DB Packet Storm
14 5.0
-
MEDIUM
Network
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verificatio… CWE-415
 Double Free
CVE-2026-35188 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.6.0 3.6.3 2026-06-16 03:12
2026-06-10
Show GitHub Exploit DB Packet Storm
15 7.5
-
HIGH
Network
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unb… CWE-1325
 Improperly Controlled Sequential Memory Allocation
CVE-2026-34183 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.4.0
3.5.0
3.6.0




3.4.6
3.5.7
3.6.3
2026-06-16 03:12
2026-06-10
Show GitHub Exploit DB Packet Storm
16 9.1
-
CRITICAL
Network
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various pot… CWE-354
 Improper Validation of Integrity Check Value
CVE-2026-34182 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.0.0
3.4.0
3.5.0
3.6.0






3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 03:13
2026-06-10
Show GitHub Exploit DB Packet Storm
17 7.4
-
HIGH
Network
Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certifi… CWE-354
 Improper Validation of Integrity Check Value
CVE-2026-34181 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.4.0
3.5.0
3.6.0




3.4.6
3.5.7
3.6.3
2026-06-16 03:13
2026-06-10
Show GitHub Exploit DB Packet Storm
18 7.5
-
HIGH
Network
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platfo… CWE-125
Out-of-bounds Read
CVE-2026-34180 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.1
3.0.0
3.4.0
3.5.0
3.6.0










1.0.2zq
1.1.1zh
3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 03:13
2026-06-10
Show GitHub Exploit DB Packet Storm
19 7.5
-
HIGH
Network
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitial… CWE-754
 Improper Check for Unusual or Exceptional Conditions
CVE-2026-31790 cpe:2.3:a:openssl:openssl:*:* 3.0.0
3.3.0
3.4.0
3.5.0
3.6.0








3.0.20
3.3.7
3.4.5
3.5.6
3.6.2
2026-04-24 00:39
2026-04-8
Show GitHub Exploit DB Packet Storm
20 9.8
-
CRITICAL
Network
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr… CWE-787
 Out-of-bounds Write
CVE-2026-31789 cpe:2.3:a:openssl:openssl:*:* 3.0.0
3.3.0
3.4.0
3.5.0
3.6.0








3.0.20
3.3.7
3.4.5
3.5.6
3.6.2
2026-04-24 00:39
2026-04-8
Show GitHub Exploit DB Packet Storm