Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

253

CRITICAL

HIGH

MEDIUM

146

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	商用ライセンス有り Apache License v2.0 OpenSSL License Original SSLeay License オープンソース

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
211	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	16	24	2
212	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
213	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	31	63	10
214	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
215	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
216	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
217	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
218	openssl 3	3.6.2	April 7, 2026			3	21	16	0
219	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
220	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	more than	less than	Update date Published date	Show Affected	Exploit PoC Search
211	- 5.0	MEDIUM	ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHell…	CWE-476 NULL Pointer Dereference	CVE-2009-1386	cpe:2.3:a:openssl:openssl::			0.9.8	0.9.8i	2026-04-23 09:35 2009-06-5	Show	GitHub Exploit DB Packet Storm

212	- 5.0	MEDIUM	Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) an…	CWE-399 Resource Management Errors	CVE-2009-1379	cpe:2.3:a:openssl:openssl:1.0.0:beta2					2026-04-23 09:35 2009-05-20	Show	GitHub Exploit DB Packet Storm

213	- 5.0	MEDIUM	Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consum…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2009-1378	cpe:2.3:a:openssl:openssl::			0.9.8	0.9.8m	2026-04-23 09:35 2009-05-20	Show	GitHub Exploit DB Packet Storm

214	- 5.0	MEDIUM	The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future e…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-1377	cpe:2.3:a:openssl:openssl::	0.9.8			0.9.8m	2026-04-23 09:35 2009-05-20	Show	GitHub Exploit DB Packet Storm

215	- 5.0	MEDIUM	OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and …	CWE-189 Numeric Errors	CVE-2009-0789	cpe:2.3:a:openssl:openssl:0.9.8i:* cpe:2.3:a:openssl:openssl:0.9.8h:* cpe:2.3:a:openssl:openssl:0.9.8g:* cpe:2…		0.9.8j			2026-04-23 09:35 2009-03-28	Show	GitHub Exploit DB Packet Storm

216	- 2.6	LOW	The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate …	CWE-287 Improper Authentication	CVE-2009-0591	cpe:2.3:a:openssl:openssl:0.9.8j:* cpe:2.3:a:openssl:openssl:0.9.8i:* cpe:2.3:a:openssl:openssl:0.9.8h:*					2026-04-23 09:35 2009-03-28	Show	GitHub Exploit DB Packet Storm

217	- 5.0	MEDIUM	The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-0590	cpe:2.3:a:openssl:openssl::				0.9.8k	2026-04-23 09:35 2009-03-28	Show	GitHub Exploit DB Packet Storm

218	- 7.5	HIGH	OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-mid…	CWE-287 Improper Authentication	CVE-2009-0653	cpe:2.3:a:openssl:openssl:0.9.6:*					2026-04-23 09:35 2009-02-21	Show	GitHub Exploit DB Packet Storm

219	- 5.8	MEDIUM	OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/…	CWE-20 Improper Input Validation	CVE-2008-5077	cpe:2.3:a:openssl:openssl:0.9.8g:* cpe:2.3:a:openssl:openssl:0.9.8f:* cpe:2.3:a:openssl:openssl:0.9.8e:* cpe:2…		0.9.8h			2026-04-23 09:35 2009-01-8	Show	GitHub Exploit DB Packet Storm

220	- 5.0	MEDIUM	Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multipl…	CWE-399 Resource Management Errors	CVE-2008-1678	cpe:2.3:a:openssl:openssl:0.9.8h:* cpe:2.3:a:openssl:openssl:0.9.8g:* cpe:2.3:a:openssl:openssl:0.9.8f:*					2026-04-23 09:35 2008-07-11	Show	GitHub Exploit DB Packet Storm