Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
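Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version whose support has ended (1.0.2), there is a plan for receiving security updates, although it costs money.

On Linux and other Unix-like operating systems it is installed by default, and in most cases it is updated to a newer version automatically through OS updates and the like.
On older OS versions, security problems can arise, for example because only an OpenSSL release whose support has ended can be used.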
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
41 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
42 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
43 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
44 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
45 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
46 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
47 openssl a.00(LTS) a.00.09.07l 0 0 0 0
48 openssl 3 3.6.2 April 7, 2026 3 21 16 0
49 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
50 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
41 5.9
4.3
MEDIUM
Network
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because… NVD-CWE-noinfo
CVE-2021-4160 cpe:2.3:a:openssl:openssl:3.0.0:beta2
cpe:2.3:a:openssl:openssl:3.0.0:beta1
cpe:2.3:a:openssl:openssl:3.0.0:alpha…
1.0.2
1.1.1
1.0.2zb


1.1.1m
2024-11-21 15:37
2022-01-29
42 7.5
5.0
HIGH
Network
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-4044 cpe:2.3:a:openssl:openssl:3.0.0:*
cpe:2.3:a:openssl:openssl:1.1.0:*
cpe:2.3:a:openssl:openssl:*:*
1.0.2 2024-11-21 15:36
2021-12-15
43 7.4
5.8
HIGH
Network
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C… CWE-125
Out-of-bounds Read
CVE-2021-3712 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1


1.0.2za
1.1.1l
2026-04-14 19:16
2021-08-25
44 9.8
7.5
CRITICAL
Network
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "o… CWE-120
Classic Buffer Overflow
CVE-2021-3711 cpe:2.3:a:openssl:openssl:*:* 1.1.1 1.1.1l 2024-11-21 15:22
2021-08-25
45 7.4
5.8
HIGH
Network
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disal… CWE-295
Improper Certificate Validation 
CVE-2021-3450 cpe:2.3:a:openssl:openssl:*:* 1.1.1h 1.1.1k 2024-11-21 15:21
2021-03-26
46 5.9
4.3
MEDIUM
Network
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where i… CWE-476
 NULL Pointer Dereference
CVE-2021-3449 cpe:2.3:a:openssl:openssl:*:* 1.1.1 1.1.1k 2024-11-21 15:21
2021-03-26
47 5.9
4.3
MEDIUM
Network
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails … CWE-476
 NULL Pointer Dereference
CVE-2021-23841 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1


1.0.2y
1.1.1j
2024-11-21 14:51
2021-02-17
48 7.5
5.0
HIGH
Network
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integ… CWE-190
 Integer Overflow or Wraparound
CVE-2021-23840 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1


1.0.2y
1.1.1j
2024-11-21 14:51
2021-02-17
49 3.7
4.3
LOW
Network
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version ro… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-23839 cpe:2.3:a:openssl:openssl:*:* 1.0.2s 1.0.2x 2024-11-21 14:51
2021-02-17
50 5.9
4.3
MEDIUM
Network
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares d… CWE-476
 NULL Pointer Dereference
CVE-2020-1971 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1


1.0.2x
1.1.1i
2024-11-21 14:11
2020-12-9