Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
Explanation OpenSSL is software for the SSL and TLS protocols that is developed and provided as open source.

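From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a paid plan for receiving security updates.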

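On Linux and other Unix-like OSes it is installed by default, and in most cases it is automatically updated to a newer version through OS updates and similar mechanisms.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.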
Tag
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
31 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
32 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
33 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
34 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
35 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
36 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
37 openssl a.00(LTS) a.00.09.07l 0 0 0 0
38 openssl 3 3.6.2 April 7, 2026 3 21 16 0
39 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
40 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
31 7.5 - HIGH Network A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either… CWE-787 Out-of-bounds Write CVE-2022-3602 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.7 2026-04-14 19:16 2022-11-2
32 7.5 - HIGH Network OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead … CWE-476 NULL Pointer Dereference CVE-2022-3358 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.6 2024-11-21 16:19 2022-10-12
33 5.3 5.0 MEDIUM Network AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data th… CWE-327 Use of a Broken or Risky Cryptographic Algorithm CVE-2022-2097 cpe:2.3:a:openssl:openssl:*:* 1.1.1, 3.0.0 1.1.1q, 3.0.5 2024-11-21 16:00 2022-07-5
34 9.8 10.0 CRITICAL Network The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys… CWE-787 Out-of-bounds Write CVE-2022-2274 cpe:2.3:a:openssl:openssl:3.0.4:* 2024-11-21 16:00 2022-07-1
35 9.8 10.0 CRITICAL Network In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command inj… CWE-78 OS Command CVE-2022-2068 cpe:2.3:a:openssl:openssl:*:* 3.0.0, 1.1.1, 1.0.2 3.0.4, 1.1.1p, 1.0.2zf 2024-11-21 16:00 2022-06-22
36 7.5 5.0 HIGH Network The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificat… CWE-459 Incomplete Cleanup CVE-2022-1473 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.3 2024-11-21 15:40 2022-05-4
37 5.9 4.3 MEDIUM Network The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performin… CWE-327 Use of a Broken or Risky Cryptographic Algorithm CVE-2022-1434 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.3 2024-11-21 15:40 2022-05-4
38 5.3 4.3 MEDIUM Network The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a succ… CWE-295 Improper Certificate Validation CVE-2022-1343 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.3 2024-11-21 15:40 2022-05-4
39 9.8 10.0 CRITICAL Network The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. … CWE-78 OS Command CVE-2022-1292 cpe:2.3:a:openssl:openssl:*:* 3.0.0, 1.0.2, 1.1.1 3.0.3, 1.0.2ze, 1.1.1o 2024-11-21 15:40 2022-05-4
40 7.5 5.0 HIGH Network The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates tha… CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') CVE-2022-0778 cpe:2.3:a:openssl:openssl:*:* 1.0.2, 1.1.0, 3.0.0 1.0.2zd, 1.1.1n, 3.0.2 2026-04-14 19:16 2022-03-16