Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

253

CRITICAL

HIGH

MEDIUM

146

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	Apache License v2.0 OpenSSL License Original SSLeay License オープンソース商用ライセンス有り

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
11	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	16	24	2
12	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
13	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	31	63	10
14	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
15	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
16	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
17	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
18	openssl 3	3.6.2	April 7, 2026			3	21	16	0
19	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
20	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
11	7.5 -	HIGH Network	Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetri…	NVD-CWE-noinfo	CVE-2023-5363	cpe:2.3:a:openssl:openssl::	3.0.0 3.1.0		3.0.12 3.1.4	2024-11-21 17:41 2023-10-26	Show	GitHub Exploit DB Packet Storm

12	7.8 -	HIGH Local	Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_…	NVD-CWE-noinfo	CVE-2023-4807	cpe:2.3:a:openssl:openssl::	3.1.0 3.0.0 1.1.1		3.1.3 3.0.11 1.1.1w	2024-11-21 17:36 2023-09-8	Show	GitHub Exploit DB Packet Storm

13	5.3 -	MEDIUM Network	Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH…	CWE-834 Excessive Iteration	CVE-2023-3817	cpe:2.3:a:openssl:openssl:1.1.1u:* cpe:2.3:a:openssl:openssl:1.1.1t:* cpe:2.3:a:openssl:openssl:1.1.1s:* cpe:2…	3.1.0 3.0.0		3.1.2 3.0.10	2024-11-21 17:18 2023-08-1	Show	GitHub Exploit DB Packet Storm

14	5.3 -	MEDIUM Network	Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH…	CWE-1333 Inefficient Regular Expression Complexity	CVE-2023-3446	cpe:2.3:a:openssl:openssl:3.1.1:- cpe:2.3:a:openssl:openssl:3.1.0:- cpe:2.3:a:openssl:openssl:3.0.0:- cpe:2.3:…				2024-11-21 17:17 2023-07-19	Show	GitHub Exploit DB Packet Storm

15	5.3 -	MEDIUM Network	Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that u…	CWE-287 Improper Authentication	CVE-2023-2975	cpe:2.3:a:openssl:openssl::	3.0.0 3.1.0	3.0.9 3.1.1		2024-11-21 16:59 2023-07-14	Show	GitHub Exploit DB Packet Storm

16	6.5 -	MEDIUM Network	Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the Op…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2023-2650	cpe:2.3:a:openssl:openssl::	3.1.0 3.0.0 1.1.1 1.0.2		3.1.1 3.0.9 1.1.1u 1.0.2zh	2024-11-21 16:59 2023-05-30	Show	GitHub Exploit DB Packet Storm

17	5.9 -	MEDIUM Network	Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications…	CWE-125 Out-of-bounds Read	CVE-2023-1255	cpe:2.3:a:openssl:openssl::	3.1.0 3.0.0		3.1.1 3.0.9	2024-11-21 16:38 2023-04-21	Show	GitHub Exploit DB Packet Storm

18	5.3 -	MEDIUM Network	The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not e…	CWE-295 Improper Certificate Validation	CVE-2023-0466	cpe:2.3:a:openssl:openssl::	3.1.0 3.0.0 1.1.1 1.0.2		3.1.1 3.0.9 1.1.1u 1.0.2zh	2024-11-21 16:37 2023-03-29	Show	GitHub Exploit DB Packet Storm

19	5.3 -	MEDIUM Network	Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certifica…	CWE-295 Improper Certificate Validation	CVE-2023-0465	cpe:2.3:a:openssl:openssl::	3.1.0 3.0.0 1.1.1 1.0.2		3.1.1 3.0.9 1.1.1u 1.0.2zh	2024-11-21 16:37 2023-03-29	Show	GitHub Exploit DB Packet Storm

20	7.5 -	HIGH Network	A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to e…	CWE-295 Improper Certificate Validation	CVE-2023-0464	cpe:2.3:a:openssl:openssl::	3.1.0 3.0.0 1.1.1 1.0.2		3.1.1 3.0.9 1.1.1u 1.0.2zh	2024-11-21 16:37 2023-03-23	Show	GitHub Exploit DB Packet Storm