Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。

Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」 のダブルライセンスです。
サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。

LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。
古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag
  • Original SSLeay License
  • オープンソース
  • 商用ライセンス有り
  • Apache License v2.0
  • OpenSSL License

Add Information URL
No Type Name URL
1 リリースに関する説明とサポート終了バージョンについて https://www.openssl.org/policies/releasestrat.html
2 opensslのGit https://github.com/openssl/openssl
3 脆弱性情報のページ https://www.openssl.org/news/vulnerabilities.html
4 サポート契約 https://www.openssl.org/support/contracts.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
251 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
252 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
253 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
254 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
255 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
256 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
257 openssl a.00(LTS) a.00.09.07l 0 0 0 0
258 openssl 3 3.6.3 June 9, 2026 4 26 19 1
259 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
260 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
251 7.5
5.0
HIGH
Network
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certi… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2005-2946 cpe:2.3:a:openssl:openssl:*:* 0.9.8 2024-02-9 12:13
2005-09-17
Show GitHub Exploit DB Packet Storm
252 -
5.1
MEDIUM The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES… NVD-CWE-Other
CVE-2005-1797 cpe:2.3:a:openssl:openssl:0.9.7d:*
cpe:2.3:a:openssl:openssl:0.9.7c:*
cpe:2.3:a:openssl:openssl:0.9.7b:*
cpe:2…
2008-09-6 05:50
2005-05-26
Show GitHub Exploit DB Packet Storm
253 -
2.1
LOW The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. NVD-CWE-Other
CVE-2004-0975 cpe:2.3:a:openssl:openssl:0.9.7d:*
cpe:2.3:a:openssl:openssl:0.9.7c:*
cpe:2.3:a:openssl:openssl:0.9.6m:*
cpe:2…
2017-10-11 10:29
2005-02-9
Show GitHub Exploit DB Packet Storm
254 -
5.0
MEDIUM OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test … NVD-CWE-Other
CVE-2004-0081 cpe:2.3:a:openssl:openssl:0.9.7c:*
cpe:2.3:a:openssl:openssl:0.9.7b:*
cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2…
2021-11-9 00:48
2004-11-23
Show GitHub Exploit DB Packet Storm
255 7.5
5.0
HIGH
Network
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null… CWE-476
 NULL Pointer Dereference
CVE-2004-0079 cpe:2.3:a:openssl:openssl:0.9.7c:*
cpe:2.3:a:openssl:openssl:0.9.7b:*
cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2…
2023-12-29 00:33
2004-11-23
Show GitHub Exploit DB Packet Storm
256 -
5.0
MEDIUM The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote at… CWE-125
Out-of-bounds Read
CVE-2004-0112 cpe:2.3:a:openssl:openssl:0.9.7c:*
cpe:2.3:a:openssl:openssl:0.9.7b:*
cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2…
2024-02-16 05:54
2004-11-23
Show GitHub Exploit DB Packet Storm
257 -
5.0
MEDIUM OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. NVD-CWE-Other
CVE-2003-0851 cpe:2.3:a:openssl:openssl:0.9.7b:*
cpe:2.3:a:openssl:openssl:0.9.7a:*
cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.…
2018-10-31 01:26
2003-12-1
Show GitHub Exploit DB Packet Storm
258 -
5.0
MEDIUM Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. NVD-CWE-Other
CVE-2003-0543 cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6:*
2018-05-3 10:29
2003-11-17
Show GitHub Exploit DB Packet Storm
259 -
5.0
MEDIUM OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that… NVD-CWE-Other
CVE-2003-0544 cpe:2.3:a:openssl:openssl:0.9.7:*
cpe:2.3:a:openssl:openssl:0.9.6:*
2018-05-3 10:29
2003-11-17
Show GitHub Exploit DB Packet Storm
260 -
5.0
MEDIUM OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that c… NVD-CWE-Other
CVE-2002-1568 cpe:2.3:a:openssl:openssl:0.9.6e:* 2016-10-18 11:27
2003-11-17
Show GitHub Exploit DB Packet Storm