Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

253

CRITICAL

HIGH

MEDIUM

146

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	Apache License v2.0 OpenSSL License Original SSLeay License オープンソース商用ライセンス有り

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
231	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	16	24	2
232	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
233	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	31	63	10
234	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
235	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
236	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
237	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
238	openssl 3	3.6.2	April 7, 2026			3	21	16	0
239	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
240	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
231	- 4.3	MEDIUM	OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PK…	CWE-310 Cryptographic Issues	CVE-2006-4339	cpe:2.3:a:openssl:openssl:0.9.8b:* cpe:2.3:a:openssl:openssl:0.9.8a:* cpe:2.3:a:openssl:openssl:0.9.8:* cpe:2.…	0.9.7		2018-10-18 06:35 2006-09-6	Show	GitHub Exploit DB Packet Storm

232	- 5.0	MEDIUM	The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preven…	NVD-CWE-Other	CVE-2005-2969	cpe:2.3:a:openssl:openssl:0.9.8:* cpe:2.3:a:openssl:openssl:0.9.7g:* cpe:2.3:a:openssl:openssl:0.9.7f:* cpe:2.…			2018-05-3 10:29 2005-10-19	Show	GitHub Exploit DB Packet Storm

233	7.5 5.0	HIGH Network	The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certi…	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2005-2946	cpe:2.3:a:openssl:openssl::		0.9.8	2024-02-9 12:13 2005-09-17	Show	GitHub Exploit DB Packet Storm

234	- 5.1	MEDIUM	The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES…	NVD-CWE-Other	CVE-2005-1797	cpe:2.3:a:openssl:openssl:0.9.7d:* cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2…			2008-09-6 05:50 2005-05-26	Show	GitHub Exploit DB Packet Storm

235	- 2.1	LOW	The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.	NVD-CWE-Other	CVE-2004-0975	cpe:2.3:a:openssl:openssl:0.9.7d:* cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.6m:* cpe:2…			2017-10-11 10:29 2005-02-9	Show	GitHub Exploit DB Packet Storm

236	- 5.0	MEDIUM	OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test …	NVD-CWE-Other	CVE-2004-0081	cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2…			2021-11-9 00:48 2004-11-23	Show	GitHub Exploit DB Packet Storm

237	7.5 5.0	HIGH Network	The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null…	CWE-476 NULL Pointer Dereference	CVE-2004-0079	cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2…			2023-12-29 00:33 2004-11-23	Show	GitHub Exploit DB Packet Storm

238	- 5.0	MEDIUM	The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote at…	CWE-125 Out-of-bounds Read	CVE-2004-0112	cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2…			2024-02-16 05:54 2004-11-23	Show	GitHub Exploit DB Packet Storm

239	- 5.0	MEDIUM	OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.	NVD-CWE-Other	CVE-2003-0851	cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2.3:a:openssl:openssl:0.9.7:* cpe:2.…			2018-10-31 01:26 2003-12-1	Show	GitHub Exploit DB Packet Storm

240	- 5.0	MEDIUM	Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.	NVD-CWE-Other	CVE-2003-0543	cpe:2.3:a:openssl:openssl:0.9.7:* cpe:2.3:a:openssl:openssl:0.9.6:*			2018-05-3 10:29 2003-11-17	Show	GitHub Exploit DB Packet Storm