Software Detail
openssl Number Of NVD 253 CRITICAL 15 HIGH 78 MEDIUM 146 LOW 14
URL https://www.openssl.org/
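Explanation OpenSSL is software for the SSL and TLS protocols that is developed and provided as open source.

From version 3 onward it is licensed under the Apache 2.0 License; earlier versions are dual-licensed under the "OpenSSL License" and the "SSLeay license".
For a specific version whose support has ended (1.0.2), there is a paid plan for receiving security updates.

On Unix-like operating systems such as Linux it is installed by default, and in most cases it is updated to a newer version automatically through OS updates and the like.
On older OS versions, security problems can arise, for example because only an OpenSSL release whose support has ended can be used.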
Tag
  • Open source
  • Commercial license available
  • Apache License v2.0
  • OpenSSL License
  • Original SSLeay License

Add Information URL
No Type Name URL
1 Description of releases and end-of-support versions https://www.openssl.org/policies/releasestrat.html
2 openssl Git https://github.com/openssl/openssl
3 Vulnerability information page https://www.openssl.org/news/vulnerabilities.html
4 Support contracts https://www.openssl.org/support/contracts.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
81 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 16 24 2
82 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
83 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 31 63 10
84 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
85 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
86 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
87 openssl a.00(LTS) a.00.09.07l 0 0 0 0
88 openssl 3 3.6.2 April 7, 2026 3 21 16 0
89 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
90 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
No: 81
CVSS3: 9.8
CVSS2: 10.0
Level: CRITICAL
Attack Vector: Network
Title: statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitra…
CWE: CWE-416 Use After Free
CVE: CVE-2016-6309
cpe23Uri: cpe:2.3:a:openssl:openssl:1.1.0a:*
Update date: 2024-11-21 11:55
Published date: 2016-09-27

No: 82
CVSS3: 5.9
CVSS2: 7.1
Level: MEDIUM
Attack Vector: Network
Title: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of servic…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2016-6308
cpe23Uri: cpe:2.3:a:openssl:openssl:1.1.0:*
Update date: 2024-11-21 11:55
Published date: 2016-09-27

No: 83
CVSS3: 5.9
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consu…
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2016-6307
cpe23Uri: cpe:2.3:a:openssl:openssl:1.1.0:*
Update date: 2024-11-21 11:55
Published date: 2016-09-27

No: 84
CVSS3: 5.9
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s…
CWE: CWE-125 Out-of-bounds Read
CVE: CVE-2016-6306
cpe23Uri:
  cpe:2.3:a:openssl:openssl:1.0.2h:*
  cpe:2.3:a:openssl:openssl:1.0.2f:*
  cpe:2.3:a:openssl:openssl:1.0.2e:*
  cpe:2…
Update date: 2024-11-21 11:55
Published date: 2016-09-27

No: 85
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-6305
cpe23Uri: cpe:2.3:a:openssl:openssl:1.1.0:*
Update date: 2024-11-21 11:55
Published date: 2016-09-27

No: 86
CVSS3: 7.5
CVSS2: 7.8
Level: HIGH
Attack Vector: Network
Title: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status…
CWE: CWE-401 Missing Release of Memory after Effective Lifetime
CVE: CVE-2016-6304
cpe23Uri:
  cpe:2.3:a:openssl:openssl:1.1.0:*
  cpe:2.3:a:openssl:openssl:1.0.2h:*
  cpe:2.3:a:openssl:openssl:1.0.2f:*
  cpe:2.…
Update date: 2024-11-21 11:55
Published date: 2016-09-27

No: 87
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or poss…
CWE: CWE-787 Out-of-bounds Write
CVE: CVE-2016-6303
cpe23Uri:
  cpe:2.3:a:openssl:openssl:1.0.2h:*
  cpe:2.3:a:openssl:openssl:1.0.2g:*
  cpe:2.3:a:openssl:openssl:1.0.2f:*
  cpe:2…
Update date: 2024-11-21 11:55
Published date: 2016-09-16

No: 88
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of serv…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-6302
cpe23Uri:
  cpe:2.3:a:openssl:openssl:1.0.2h:*
  cpe:2.3:a:openssl:openssl:1.0.2g:*
  cpe:2.3:a:openssl:openssl:1.0.2f:*
  cpe:2…
Update date: 2024-11-21 11:55
Published date: 2016-09-16

No: 89
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and…
CWE: CWE-787 Out-of-bounds Write
CVE: CVE-2016-2182
cpe23Uri:
  cpe:2.3:a:openssl:openssl:1.0.2h:*
  cpe:2.3:a:openssl:openssl:1.0.2g:*
  cpe:2.3:a:openssl:openssl:1.0.2f:*
  cpe:2…
Update date: 2024-11-21 11:47
Published date: 2016-09-16

No: 90
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cau…
CWE: CWE-189 Numeric Errors
CVE: CVE-2016-2181
cpe23Uri:
  cpe:2.3:a:openssl:openssl:1.0.2h:*
  cpe:2.3:a:openssl:openssl:1.0.2g:*
  cpe:2.3:a:openssl:openssl:1.0.2f:*
  cpe:2…
Update date: 2024-11-21 11:47
Published date: 2016-09-16