Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。

Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」 のダブルライセンスです。
サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。

LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。
古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag
  • OpenSSL License
  • Original SSLeay License
  • オープンソース
  • 商用ライセンス有り
  • Apache License v2.0

Add Information URL
No Type Name URL
1 リリースに関する説明とサポート終了バージョンについて https://www.openssl.org/policies/releasestrat.html
2 opensslのGit https://github.com/openssl/openssl
3 脆弱性情報のページ https://www.openssl.org/news/vulnerabilities.html
4 サポート契約 https://www.openssl.org/support/contracts.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
51 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
52 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
53 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
54 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
55 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
56 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
57 openssl a.00(LTS) a.00.09.07l 0 0 0 0
58 openssl 3 3.6.3 June 9, 2026 4 26 19 1
59 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
60 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
51 5.3
5.0
MEDIUM
Network
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data th… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-2097 cpe:2.3:a:openssl:openssl:*:* 1.1.1
3.0.0


1.1.1q
3.0.5
2024-11-21 16:00
2022-07-5
Show GitHub Exploit DB Packet Storm
52 9.8
10.0
CRITICAL
Network
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys… CWE-787
 Out-of-bounds Write
CVE-2022-2274 cpe:2.3:a:openssl:openssl:3.0.4:* 2024-11-21 16:00
2022-07-1
Show GitHub Exploit DB Packet Storm
53 9.8
10.0
CRITICAL
Network
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command inj… CWE-78
OS Command 
CVE-2022-2068 cpe:2.3:a:openssl:openssl:*:* 3.0.0
1.1.1
1.0.2




3.0.4
1.1.1p
1.0.2zf
2024-11-21 16:00
2022-06-22
Show GitHub Exploit DB Packet Storm
54 7.5
5.0
HIGH
Network
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificat… CWE-459
 Incomplete Cleanup
CVE-2022-1473 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.3 2024-11-21 15:40
2022-05-4
Show GitHub Exploit DB Packet Storm
55 5.9
4.3
MEDIUM
Network
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performin… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-1434 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.3 2024-11-21 15:40
2022-05-4
Show GitHub Exploit DB Packet Storm
56 5.3
4.3
MEDIUM
Network
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a succ… CWE-295
Improper Certificate Validation 
CVE-2022-1343 cpe:2.3:a:openssl:openssl:*:* 3.0.0 3.0.3 2024-11-21 15:40
2022-05-4
Show GitHub Exploit DB Packet Storm
57 9.8
10.0
CRITICAL
Network
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. … CWE-78
OS Command 
CVE-2022-1292 cpe:2.3:a:openssl:openssl:*:* 3.0.0
1.0.2
1.1.1




3.0.3
1.0.2ze
1.1.1o
2024-11-21 15:40
2022-05-4
Show GitHub Exploit DB Packet Storm
58 7.5
5.0
HIGH
Network
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates tha… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-0778 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.0
3.0.0




1.0.2zd
1.1.1n
3.0.2
2026-04-14 19:16
2022-03-16
Show GitHub Exploit DB Packet Storm
59 5.9
4.3
MEDIUM
Network
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because… NVD-CWE-noinfo
CVE-2021-4160 cpe:2.3:a:openssl:openssl:3.0.0:beta2
cpe:2.3:a:openssl:openssl:3.0.0:beta1
cpe:2.3:a:openssl:openssl:3.0.0:alpha…
1.0.2
1.1.1
1.0.2zb


1.1.1m
2024-11-21 15:37
2022-01-29
Show GitHub Exploit DB Packet Storm
60 7.5
5.0
HIGH
Network
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-4044 cpe:2.3:a:openssl:openssl:3.0.0:*
cpe:2.3:a:openssl:openssl:1.1.0:*
cpe:2.3:a:openssl:openssl:*:*
1.0.2 2024-11-21 15:36
2021-12-15
Show GitHub Exploit DB Packet Storm