Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
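Explanation OpenSSL is software that implements the SSL and TLS protocols and is developed and distributed as open source.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a paid plan that provides security updates.

It is installed by default on Linux and other Unix-like operating systems, and in most cases it is updated to a newer version automatically through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.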
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 OpenSSL Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
191 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
192 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
193 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
194 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
195 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
196 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
197 openssl a.00(LTS) a.00.09.07l 0 0 0 0
198 openssl 3 3.6.2 April 7, 2026 3 21 16 0
199 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
200 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
191 -
4.3
MEDIUM The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a pad… CWE-310
Cryptographic Issues
CVE-2011-4108 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…

0.9.8r
1.0.0e


2024-11-21 10:31
2012-01-6
192 -
5.0
MEDIUM The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows r… CWE-399
 Resource Management Errors
CVE-2011-3210 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
2024-11-21 10:29
2011-09-22
193 -
5.0
MEDIUM crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value co… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-3207 cpe:2.3:a:openssl:openssl:1.0.0d:*
cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2…
2024-11-21 10:29
2011-09-22
194 -
2.6
LOW The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly … CWE-310
Cryptographic Issues
CVE-2011-1945 cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2…
1.0.0d 2024-11-21 10:27
2011-06-1
195 -
5.0
MEDIUM ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use… CWE-399
 Resource Management Errors
CVE-2011-0014 cpe:2.3:a:openssl:openssl:1.0.0c:*
cpe:2.3:a:openssl:openssl:1.0.0b:*
cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2…
2024-11-21 10:23
2011-02-19
196 -
4.3
MEDIUM OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use o… CWE-310
Cryptographic Issues
CVE-2008-7270 cpe:2.3:a:openssl:openssl:0.9.8h:*
cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
cpe:2…
0.9.8i 2024-11-21 09:58
2010-12-7
197 -
7.5
HIGH OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared se… CWE-287
Improper Authentication
CVE-2010-4252 cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5
cpe:2.3:a:openssl:openssl:1.0.0:beta4
1.0.0b 2024-11-21 10:20
2010-12-7
198 -
4.3
MEDIUM OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows r… NVD-CWE-noinfo
CVE-2010-4180 cpe:2.3:a:openssl:openssl:*:* 1.0.0


1.0.0c
0.9.8q
2024-11-21 10:20
2010-12-7
199 -
7.6
HIGH Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to ex… CWE-362
Race Condition
CVE-2010-3864 cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2.3:a:openssl:openssl:1.0.0:*
cpe:2.3:a:openssl:openssl:0.9.8o:*
cpe:2.…
2024-11-21 10:19
2010-11-18
200 -
4.3
MEDIUM Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dep… CWE-399
 Resource Management Errors
CVE-2010-2939 cpe:2.3:a:openssl:openssl:1.0.0a:*
cpe:2.3:a:openssl:openssl:0.9.8:*
cpe:2.3:a:openssl:openssl:0.9.7:*
2024-11-21 10:17
2010-08-18