Software Detail

Software Informaton Top

Encryption

Software Detail

openssl

Number Of NVD

253

CRITICAL

HIGH

MEDIUM

146

LOW

URL	https://www.openssl.org/
Explanation	OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。 Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」のダブルライセンスです。サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。 LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag	商用ライセンス有り Apache License v2.0 OpenSSL License Original SSLeay License オープンソース

Add Information URL

No	Name	URL
1	リリースに関する説明とサポート終了バージョンについて	https://www.openssl.org/policies/releasestrat.html
2	opensslのGit	https://github.com/openssl/openssl
3	脆弱性情報のページ	https://www.openssl.org/news/vulnerabilities.html
4	サポート契約	https://www.openssl.org/support/contracts.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
51	openssl 1.1.1(LTS)	1.1.1w	Sept. 11, 2023	Sept. 11, 2018	Sept. 11, 2023	3	16	24	2
52	openssl 1.1.0	1.1.0j	Nov. 20, 2018	Aug. 26, 2016	Aug. 31, 2018	1	12	14	2
53	openssl 1.0.2(LTS)	1.0.2u	Dec. 20, 2019	Jan. 23, 2015	Dec. 31, 2019	9	31	63	10
54	openssl 1.0.1	1.0.1t	May 3, 2016	March 14, 2012	Dec. 31, 2016	7	25	58	5
55	openssl 1.0.0	1.0.0t	Dec. 3, 2015	March 29, 2010	Dec. 31, 2015	1	14	57	5
56	openssl 0.9.8	0.9.8zh	Dec. 4, 2015	July 6, 2005	Dec. 31, 2015	1	5	9	3
57	openssl a.00(LTS)	a.00.09.07l				0	0	0	0
58	openssl 3	3.6.2	April 7, 2026			3	21	16	0
59	openssl 1.0(LTS)	1.0.2zf				7	29	80	7
60	openssl 0.9(LTS)	0.9.8zh				2	30	76	7

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
51	3.7 4.3	LOW Network	The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based cipher…	CWE-203 Information Exposure Through Discrepancy	CVE-2020-1968	cpe:2.3:a:openssl:openssl::	1.0.2	1.0.2v		2024-11-21 14:11 2020-09-9	Show	GitHub Exploit DB Packet Storm

52	7.5 5.0	HIGH Network	Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signat…	CWE-476 NULL Pointer Dereference	CVE-2020-1967	cpe:2.3:a:openssl:openssl::	1.1.1d	1.1.1f		2024-11-21 14:11 2020-04-21	Show	GitHub Exploit DB Packet Storm

53	5.3 5.0	MEDIUM Network	There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024,…	CWE-190 Integer Overflow or Wraparound	CVE-2019-1551	cpe:2.3:a:openssl:openssl::	1.1.1 1.0.2	1.1.1d 1.0.2t		2024-11-21 13:36 2019-12-7	Show	GitHub Exploit DB Packet Storm

54	3.7 4.3	LOW Network	In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recov…	CWE-327 CWE-203 Use of a Broken or Risky Cryptographic Algorithm Information Exposure Through Discrepancy	CVE-2019-1563	cpe:2.3:a:openssl:openssl::	1.1.1 1.0.2 1.1.0	1.1.1c 1.0.2s 1.1.0k		2024-11-21 13:36 2019-09-11	Show	GitHub Exploit DB Packet Storm

55	5.3 5.0	MEDIUM Network	OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes…	CWE-330 Use of Insufficiently Random Values	CVE-2019-1549	cpe:2.3:a:openssl:openssl::	1.1.1	1.1.1c		2024-11-21 13:36 2019-09-11	Show	GitHub Exploit DB Packet Storm

56	4.7 1.9	MEDIUM Local	Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit paramet…	NVD-CWE-noinfo	CVE-2019-1547	cpe:2.3:a:openssl:openssl::	1.1.1 1.0.2 1.1.0	1.1.1c 1.0.2s 1.1.0k		2024-11-21 13:36 2019-09-11	Show	GitHub Exploit DB Packet Storm

57	3.3 1.9	LOW Local	OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLD…	CWE-295 Improper Certificate Validation	CVE-2019-1552	cpe:2.3:a:openssl:openssl::	1.1.1 1.0.2 1.1.0	1.1.1c 1.0.2s 1.1.0k		2024-11-21 13:36 2019-07-31	Show	GitHub Exploit DB Packet Storm

58	7.4 5.8	HIGH Network	ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a vari…	CWE-327 CWE-330 Use of a Broken or Risky Cryptographic Algorithm Use of Insufficiently Random Values	CVE-2019-1543	cpe:2.3:a:openssl:openssl::	1.1.1 1.1.0	1.1.1b 1.1.0j		2024-11-21 13:36 2019-03-7	Show	GitHub Exploit DB Packet Storm

59	5.9 4.3	MEDIUM Network	If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling appl…	CWE-203 Information Exposure Through Discrepancy	CVE-2019-1559	cpe:2.3:a:openssl:openssl::	1.0.2		1.0.2r	2024-11-21 13:36 2019-02-28	Show	GitHub Exploit DB Packet Storm

60	4.7 1.9	MEDIUM Local	Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.	CWE-203 Information Exposure Through Discrepancy	CVE-2018-5407	cpe:2.3:a:openssl:openssl::	1.0.2 1.1.0		1.0.2q 1.1.0i	2024-11-21 13:08 2018-11-16	Show	GitHub Exploit DB Packet Storm