Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
Explanation OpenSSL is an open-source software implementation of the SSL and TLS protocols.

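From version 3 onward it is licensed under the Apache License 2.0; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For certain versions that have reached end of support (1.0.2), there is a paid plan that provides security updates.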

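On Linux and other Unix-like operating systems it is installed by default, and in most cases it is automatically updated to a newer version through OS updates.
On older OS versions, security problems can arise, for example when only an OpenSSL version that has reached end of support can be used.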
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Release strategy and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 OpenSSL Git repository https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
21 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
22 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
23 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
24 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
25 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
26 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
27 openssl a.00(LTS) a.00.09.07l 0 0 0 0
28 openssl 3 3.6.2 April 7, 2026 3 21 16 0
29 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
30 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
21 4.9
-
MEDIUM
Network
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires e… CWE-125
Out-of-bounds Read
CVE-2022-4203 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.8 2024-11-21 16:34
2023-02-25
22 7.5
-
HIGH
Network
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an applica… CWE-476
 NULL Pointer Dereference
CVE-2023-0217 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.7 2024-11-21 16:36
2023-02-9
23 7.5
-
HIGH
Network
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the de… CWE-476
 NULL Pointer Dereference
CVE-2023-0216 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.7 2024-11-21 16:36
2023-02-9
24 7.5
-
HIGH
Network
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but… CWE-476
 NULL Pointer Dereference
CVE-2023-0401 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.7 2024-11-21 16:37
2023-02-9
25 7.4
-
HIGH
Network
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL… CWE-843
Type Confusion
CVE-2023-0286 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.8 / 1.1.1 1.1.1t / 1.0.2 1.0.2zg 2024-11-21 16:36
2023-02-9
26 7.5
-
HIGH
Network
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilitie… CWE-416
 Use After Free
CVE-2023-0215 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.8 / 1.1.1 1.1.1t / 1.0.2 1.0.2zg 2024-11-21 16:36
2023-02-9
27 7.5
-
HIGH
Network
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", … CWE-415
 Double Free
CVE-2022-4450 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.8 / 1.1.1 1.1.1t 2024-11-21 16:35
2023-02-9
28 5.9
-
MEDIUM
Network
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a succes… CWE-203
 Information Exposure Through Discrepancy
CVE-2022-4304 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.8 / 1.1.1 1.1.1t / 1.0.2 1.0.2zg 2024-11-21 16:34
2023-02-9
29 7.5
-
HIGH
Network
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) t… CWE-667
 Improper Locking
CVE-2022-3996 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.7 2024-11-21 16:20
2022-12-14
30 7.5
-
HIGH
Network
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either… CWE-120
Classic Buffer Overflow
CVE-2022-3786 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.7 2026-04-14 19:16
2022-11-2