Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
Explanation OpenSSL is software for the SSL and TLS protocols that is developed and provided as open source.

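From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version whose support has ended (1.0.2), there is a plan for receiving security updates, although it costs money.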

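It is installed by default on Linux and other Unix-like OSes, and in most cases it is automatically updated to a newer version through OS updates and the like.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.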
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Release strategy and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
221 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
222 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
223 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
224 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
225 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
226 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
227 openssl a.00(LTS) a.00.09.07l 0 0 0 0
228 openssl 3 3.6.2 April 7, 2026 3 21 16 0
229 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
230 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
221 -
4.3
MEDIUM Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello pack… CWE-189
Numeric Errors
CVE-2008-0891 cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
2026-04-23 09:35
2008-05-30
222 -
4.3
MEDIUM OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which trigge… CWE-476
 NULL Pointer Dereference
CVE-2008-1672 cpe:2.3:a:openssl:openssl:0.9.8g:*
cpe:2.3:a:openssl:openssl:0.9.8f:*
2026-04-23 09:35
2008-05-30
223 7.5
7.8
HIGH
Network
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to cond… CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2008-0166 cpe:2.3:a:openssl:openssl:*:* 0.9.8c-1 0.9.8g 2026-04-23 09:35
2008-05-14
224 -
9.3
HIGH Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. CWE-189
Numeric Errors
CVE-2007-4995 cpe:2.3:a:openssl:openssl:0.9.8e:*
cpe:2.3:a:openssl:openssl:0.9.8d:*
cpe:2.3:a:openssl:openssl:0.9.8c:*
cpe:2…
2026-04-23 09:35
2007-10-13
225 -
6.8
MEDIUM Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that trigger… CWE-189
Numeric Errors
CVE-2007-5135 cpe:2.3:a:openssl:openssl:0.9.8f:*
cpe:2.3:a:openssl:openssl:0.9.8e:*
cpe:2.3:a:openssl:openssl:0.9.8d:*
cpe:2…
2026-04-23 09:35
2007-09-28
226 -
1.2
LOW The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attac… NVD-CWE-Other
CVE-2007-3108 cpe:2.3:a:openssl:openssl:*:* 0.9.8e 2026-04-23 09:35
2007-08-8
227 -
7.8
HIGH OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improper… CWE-399
 Resource Management Errors
CVE-2006-2937 cpe:2.3:a:openssl:openssl:0.9.8c:*
cpe:2.3:a:openssl:openssl:0.9.8b:*
cpe:2.3:a:openssl:openssl:0.9.8a:*
cpe:2…
2026-04-23 09:35
2006-09-29
228 -
7.8
HIGH OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2… CWE-399
 Resource Management Errors
CVE-2006-2940 cpe:2.3:a:openssl:openssl:0.9.8c:*
cpe:2.3:a:openssl:openssl:0.9.8b:*
cpe:2.3:a:openssl:openssl:0.9.8a:*
cpe:2…
2026-04-23 09:35
2006-09-29
229 -
10.0
HIGH Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2006-3738 cpe:2.3:a:openssl:openssl:0.9.8c:*
cpe:2.3:a:openssl:openssl:0.9.8b:*
cpe:2.3:a:openssl:openssl:0.9.8a:*
cpe:2…
2026-04-23 09:35
2006-09-29
230 -
4.3
MEDIUM The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via … CWE-476
 NULL Pointer Dereference
CVE-2006-4343 cpe:2.3:a:openssl:openssl:0.9.8c:*
cpe:2.3:a:openssl:openssl:0.9.8b:*
cpe:2.3:a:openssl:openssl:0.9.8a:*
cpe:2…
2026-04-23 09:35
2006-09-29