Software Detail
openssl Number Of NVD: 253 (CRITICAL 15, HIGH 78, MEDIUM 146, LOW 14)
URL https://www.openssl.org/
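Explanation OpenSSL is software for the SSL and TLS protocols that is developed and provided as open source.

From Version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version whose support has ended (1.0.2), there is a paid plan under which security updates can still be received.

On Linux and other Unix-like OSes it is installed by default, and in most cases it is updated to a newer version automatically through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example because only an OpenSSL whose support has ended can be used.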
Tag
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source

Add Information URL
No Type Name URL
1 Release strategy and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended for a fee | Critical | High | Medium | Low
201 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
202 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
203 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
204 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
205 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
206 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
207 openssl a.00(LTS) a.00.09.07l 0 0 0 0
208 openssl 3 3.6.2 April 7, 2026 3 21 16 0
209 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
210 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date
201 -
7.5
HIGH The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which al… CWE-310
Cryptographic Issues
CVE-2010-0742 cpe:2.3:a:openssl:openssl:1.0.0:beta5
cpe:2.3:a:openssl:openssl:1.0.0:beta4
cpe:2.3:a:openssl:openssl:1.0.0:beta3…
0.9.8n 2017-09-19 10:30
2010-06-3
202 -
6.4
MEDIUM RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which mi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-1633 cpe:2.3:a:openssl:openssl:1.0.0:beta5
cpe:2.3:a:openssl:openssl:1.0.0:beta4
cpe:2.3:a:openssl:openssl:1.0.0:beta3…
2023-11-7 11:05
2010-06-3
203 -
5.0
MEDIUM The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a N… CWE-20
 Improper Input Validation 
CVE-2010-0740 cpe:2.3:a:openssl:openssl:0.9.8m:*
cpe:2.3:a:openssl:openssl:0.9.8l:*
cpe:2.3:a:openssl:openssl:0.9.8k:*
cpe:2…
2023-11-7 11:05
2010-03-27
204 -
10.0
HIGH OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, wh… CWE-20
 Improper Input Validation 
CVE-2009-3245 cpe:2.3:a:openssl:openssl:0.9.8k:*
cpe:2.3:a:openssl:openssl:0.9.8j:*
cpe:2.3:a:openssl:openssl:0.9.8i:*
cpe:2…
0.9.8l 2017-09-19 10:29
2010-03-6
205 -
4.3
MEDIUM The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which … CWE-20
 Improper Input Validation 
CVE-2010-0433 cpe:2.3:a:openssl:openssl:0.9.8l:*
cpe:2.3:a:openssl:openssl:0.9.8k:*
cpe:2.3:a:openssl:openssl:0.9.8j:*
cpe:2…
0.9.8m 2023-02-13 13:16
2010-03-6
206 -
4.0
MEDIUM OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signatu… CWE-310
Cryptographic Issues
CVE-2010-0928 cpe:2.3:a:openssl:openssl:0.9.8i:* 2023-11-7 11:05
2010-03-6
207 -
5.0
MEDIUM Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consu… CWE-399
 Resource Management Errors
CVE-2009-4355 cpe:2.3:a:openssl:openssl:1.0.0:beta4
cpe:2.3:a:openssl:openssl:1.0.0:beta3
cpe:2.3:a:openssl:openssl:1.0.0:beta2…
0.9.8l 2026-04-23 09:35
2010-01-15
208 -
5.8
MEDIUM The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9… CWE-295
Improper Certificate Validation 
CVE-2009-3555 cpe:2.3:a:openssl:openssl:1.0:*
cpe:2.3:a:openssl:openssl:*:*
0.9.8k 2026-04-23 09:35
2009-11-10
209 -
5.1
MEDIUM The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, whi… CWE-295
Improper Certificate Validation 
CVE-2009-2409 cpe:2.3:a:openssl:openssl:*:* 0.9.8 0.9.8k 2026-04-23 09:35
2009-07-31
210 -
5.0
MEDIUM The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an o… CWE-476
 NULL Pointer Dereference
CVE-2009-1387 cpe:2.3:a:openssl:openssl:*:* 0.9.8 0.9.8m 2026-04-23 09:35
2009-06-5