Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
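Explanation OpenSSL is software for the SSL and TLS protocols that is developed and provided as open source.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version that has reached end of support (1.0.2), there is a plan for receiving security updates, although it costs money.

On Linux and other Unix-like OSes it is installed by default, and in most cases it is automatically updated to a newer version through OS updates and the like.
On older OS versions, security problems can arise, for example because only an OpenSSL version whose support has ended can be used.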
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Explanation of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support/Service Pack Support Extended (for a fee) Critical High Medium Low
71 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
72 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
73 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
74 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
75 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
76 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
77 openssl a.00(LTS) a.00.09.07l 0 0 0 0
78 openssl 3 3.6.2 April 7, 2026 3 21 16 0
79 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
80 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
71 6.5
4.0
MEDIUM
Network
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RS… CWE-200
Information Exposure
CVE-2017-3736 cpe:2.3:a:openssl:openssl:*:* 1.1.0
1.0.2


1.1.0g
1.0.2m
2024-11-21 12:26
2017-11-3
72 5.3
5.0
MEDIUM
Network
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been pres… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2017-3735 cpe:2.3:a:openssl:openssl:1.1.0f:*
cpe:2.3:a:openssl:openssl:1.1.0e:*
cpe:2.3:a:openssl:openssl:1.1.0d:*
cpe:2…
2024-11-21 12:26
2017-08-29
73 5.9
2.6
MEDIUM
Network
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bi… NVD-CWE-noinfo
CVE-2016-7055 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.0


1.0.2k
1.1.0c
2024-11-21 11:57
2017-05-5
74 7.5
5.0
HIGH
Network
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (d… CWE-20
 Improper Input Validation 
CVE-2017-3733 cpe:2.3:a:openssl:openssl:1.1.0d:*
cpe:2.3:a:openssl:openssl:1.1.0c:*
cpe:2.3:a:openssl:openssl:1.1.0b:*
cpe:2…
2024-11-21 12:26
2017-05-5
75 7.5
5.0
HIGH
Network
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resu… CWE-125
Out-of-bounds Read
CVE-2017-3731 cpe:2.3:a:openssl:openssl:1.1.0c:*
cpe:2.3:a:openssl:openssl:1.1.0b:*
cpe:2.3:a:openssl:openssl:1.1.0a:*
cpe:2…
2024-11-21 12:26
2017-05-5
76 7.5
5.0
HIGH
Network
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue i… CWE-284
Improper Access Control
CVE-2016-7054 cpe:2.3:a:openssl:openssl:1.1.0b:*
cpe:2.3:a:openssl:openssl:1.1.0a:*
cpe:2.3:a:openssl:openssl:1.1.0:*
2024-11-21 11:57
2017-05-5
77 7.5
5.0
HIGH
Network
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.… CWE-476
 NULL Pointer Dereference
CVE-2016-7053 cpe:2.3:a:openssl:openssl:1.1.0b:*
cpe:2.3:a:openssl:openssl:1.1.0a:*
cpe:2.3:a:openssl:openssl:1.1.0:*
2024-11-21 11:57
2017-05-5
78 5.9
4.3
MEDIUM
Network
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks agai… CWE-200
Information Exposure
CVE-2017-3732 cpe:2.3:a:openssl:openssl:1.1.0c:*
cpe:2.3:a:openssl:openssl:1.1.0b:*
cpe:2.3:a:openssl:openssl:1.1.0a:*
cpe:2…
2024-11-21 12:26
2017-05-5
79 7.5
5.0
HIGH
Network
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a … CWE-476
 NULL Pointer Dereference
CVE-2017-3730 cpe:2.3:a:openssl:openssl:1.1.0c:*
cpe:2.3:a:openssl:openssl:1.1.0b:*
cpe:2.3:a:openssl:openssl:1.1.0a:*
cpe:2…
2024-11-21 12:26
2017-05-5
80 7.5
5.0
HIGH
Network
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. CWE-476
 NULL Pointer Dereference
CVE-2016-7052 cpe:2.3:a:openssl:openssl:1.0.2i:* 2024-11-21 11:57
2016-09-27