Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

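From version 3 onward it is released under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that is out of support (1.0.2), there is a paid plan that provides security updates.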

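On Linux and other Unix-like operating systems it is installed by default, and in most cases it is updated to a newer version automatically through OS updates.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended is available.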
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
241 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
242 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
243 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
244 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
245 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
246 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
247 openssl a.00(LTS) a.00.09.07l 0 0 0 0
248 openssl 3 3.6.2 April 7, 2026 3 21 16 0
249 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
250 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
241 -
5.0
MEDIUM OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that… NVD-CWE-Other
CVE-2003-0544 cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6:*
2018-05-3 10:29
2003-11-17
242 -
5.0
MEDIUM OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that c… NVD-CWE-Other
CVE-2002-1568 cpe:2.3:a:openssl:openssl:0.9.6e:* 2016-10-18 11:27
2003-11-17
243 9.8
10.0
CRITICAL
Network
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 … CWE-415 Double Free
CVE-2003-0545 cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6:*
2024-02-3 00:23
2003-11-17
244 -
5.0
MEDIUM OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra red… NVD-CWE-Other
CVE-2003-0147 cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6i:*
cpe:2.…
2018-10-20 00:29
2003-03-31
245 -
7.5
HIGH The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses… NVD-CWE-Other
CVE-2003-0131 cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6i:*
cpe:2.…
2018-10-20 00:29
2003-03-24
246 -
5.0
MEDIUM ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing… CWE-203 Information Exposure Through Discrepancy
CVE-2003-0078 cpe:2.3:a:openssl:openssl:0.9.7:beta6
cpe:2.3:a:openssl:openssl:0.9.7:beta5
cpe:2.3:a:openssl:openssl:0.9.7:beta4…
0.9.6i 2024-02-15 00:07
2003-03-3
247 -
7.5
HIGH OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and p… NVD-CWE-Other
CVE-2002-0655 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
cpe:2.3:a:openssl:openssl:0.9.6d:*
2008-09-11 04:12
2002-08-12
248 -
7.5
HIGH Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SS… NVD-CWE-Other
CVE-2002-0656 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
cpe:2.3:a:openssl:openssl:0.9.6d:*
2008-09-11 04:12
2002-08-12
249 -
7.5
HIGH Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. NVD-CWE-Other
CVE-2002-0657 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
2008-09-11 04:12
2002-08-12
250 -
5.0
MEDIUM The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. NVD-CWE-Other
CVE-2002-0659 cpe:2.3:a:openssl:openssl:0.9.7:beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta1
cpe:2.3:a:openssl:openssl:0.9.6d:*
2008-09-11 04:12
2002-08-12