Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
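Explanation OpenSSL is software for the SSL and TLS protocols that is developed and distributed as open source.

From version 3 onward it is under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version whose support has ended (1.0.2), there is a paid plan for receiving security updates.

On Linux and other Unix-like OSes it is installed by default, and in most cases it is updated to a newer version automatically, for example through OS updates.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended is available.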
Tag
  • OpenSSL License
  • Original SSLeay License
  • Open source
  • Commercial license available
  • Apache License v2.0

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
61 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
62 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
63 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
64 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
65 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
66 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
67 openssl a.00(LTS) a.00.09.07l 0 0 0 0
68 openssl 3 3.6.2 April 7, 2026 3 21 16 0
69 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
70 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
61 5.9
4.3
MEDIUM
Network
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in Ope… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-0734 cpe:2.3:a:openssl:openssl:1.1.1:*
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.0
1.0.2p
1.1.0i


2024-11-21 12:38
2018-10-30
62 5.9
4.3
MEDIUM
Network
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in O… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-0735 cpe:2.3:a:openssl:openssl:1.1.1:*
cpe:2.3:a:openssl:openssl:*:*
1.1.0 1.1.0i 2024-11-21 12:38
2018-10-29
63 5.5
2.1
MEDIUM
Local
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. - CVE-2016-7056 cpe:2.3:a:openssl:openssl:*:* 1.0.1u 2024-11-21 11:57
2018-09-11
64 7.5
5.0
HIGH
Network
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long pe… CWE-320
 Key Management Errors
CVE-2018-0732 cpe:2.3:a:openssl:openssl:*:* 1.1.0
1.0.2
1.1.0h
1.0.2o


2024-11-21 12:38
2018-06-12
65 5.9
4.3
MEDIUM
Network
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key gen… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-0737 cpe:2.3:a:openssl:openssl:*:* 1.0.2b
1.1.0
1.0.2o
1.1.0h


2024-11-21 12:38
2018-04-17
66 6.5
4.3
MEDIUM
Network
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of … CWE-674
 Uncontrolled Recursion
CVE-2018-0739 cpe:2.3:a:openssl:openssl:*:* 1.0.2b
1.1.0
1.0.2n
1.1.0g


2024-11-21 12:38
2018-03-28
67 5.9
4.3
MEDIUM
Network
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that wou… NVD-CWE-noinfo
CVE-2018-0733 cpe:2.3:a:openssl:openssl:*:* 1.1.0 1.1.0g 2024-11-21 12:38
2018-03-28
68 5.9
4.3
MEDIUM
Network
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA… CWE-200
Information Exposure
CVE-2017-3738 cpe:2.3:a:openssl:openssl:1.1.0g:*
cpe:2.3:a:openssl:openssl:1.1.0f:*
cpe:2.3:a:openssl:openssl:1.1.0e:*
cpe:2…
2024-11-21 12:26
2017-12-8
69 5.9
4.3
MEDIUM
Network
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and w… CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write
CVE-2017-3737 cpe:2.3:a:openssl:openssl:1.0.2m:*
cpe:2.3:a:openssl:openssl:1.0.2l:*
cpe:2.3:a:openssl:openssl:1.0.2k:*
cpe:2…
2024-11-21 12:26
2017-12-8
70 7.5
5.0
HIGH
Network
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote… - CVE-2016-8610 cpe:2.3:a:openssl:openssl:1.1.0:*
cpe:2.3:a:openssl:openssl:1.0.1:*
cpe:2.3:a:openssl:openssl:0.9.8:*
cpe:2.3:…
1.0.2 1.0.2h 2024-11-21 11:59
2017-11-14