Home > Vulnerability Database > CVE-2014-0160

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2014-0160

Date: April 6, 2014

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Language: C

Severity Score

7.5

Related Resources (134)

Url: http://www.securityfocus.com/bid/66690

Url: http://www.ubuntu.com/usn/USN-2165-1

Url: http://seclists.org/fulldisclosure/2014/Dec/23

Url: http://marc.info/?l=bugtraq&m=139905351928096&w=2

Url: http://marc.info/?l=bugtraq&m=140724451518351&w=2

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-0160

Url: http://www.openssl.org/news/secadv_20140407.txt

Url: http://seclists.org/fulldisclosure/2014/Apr/173

Url: https://security-tracker.debian.org/tracker/CVE-2014-0160

Url: http://marc.info/?l=bugtraq&m=139889295732144&w=2

Url: http://rhn.redhat.com/errata/RHSA-2014-0396.html

Url: http://marc.info/?l=bugtraq&m=139765756720506&w=2

Url: http://marc.info/?l=bugtraq&m=139905458328378&w=2

Url: http://www.securitytracker.com/id/1030026

Url: https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

Url: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Url: https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

Url: http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

Url: http://advisories.mageia.org/MGASA-2014-0165.html

Url: http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

Url: http://marc.info/?l=bugtraq&m=139833395230364&w=2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0160

Url: http://marc.info/?l=bugtraq&m=139817685517037&w=2

Url: https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=139905243827825&w=2

Url: http://www.exploit-db.com/exploits/32745

Url: http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Url: https://filezilla-project.org/versions.php?type=server

Url: https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Url: http://rhn.redhat.com/errata/RHSA-2014-0378.html

Url: http://www.blackberry.com/btsc/KB35882

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

Url: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160

Url: http://secunia.com/advisories/57836

Url: http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Url: http://marc.info/?l=bugtraq&m=139869720529462&w=2

Url: http://marc.info/?l=bugtraq&m=139774054614965&w=2

Url: https://access.redhat.com/security/cve/CVE-2014-0160

Url: http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

Url: http://rhn.redhat.com/errata/RHSA-2014-0376.html

Url: http://marc.info/?l=bugtraq&m=141287864628122&w=2

Url: https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Url: http://www.debian.org/security/2014/dsa-2896

Url: http://marc.info/?l=bugtraq&m=139817727317190&w=2

Url: http://secunia.com/advisories/59347

Url: https://code.google.com/p/mod-spdy/issues/detail?id=85

Url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

Url: http://marc.info/?l=bugtraq&m=139722163017074&w=2

Url: http://marc.info/?l=bugtraq&m=139905202427693&w=2

Url: http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

Url: http://secunia.com/advisories/57968

Url: http://secunia.com/advisories/57966

Url: http://secunia.com/advisories/57721

Url: http://marc.info/?l=bugtraq&m=139905295427946&w=2

Url: http://marc.info/?l=bugtraq&m=139824923705461&w=2

Url: http://marc.info/?l=bugtraq&m=139757726426985&w=2

Url: https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=139824993005633&w=2

Url: https://gist.github.com/chapmajs/10473815

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

Url: http://www.kb.cert.org/vuls/id/720951

Url: http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Url: http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

Url: http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

Url: http://marc.info/?l=bugtraq&m=139835815211508&w=2

Url: http://marc.info/?l=bugtraq&m=140015787404650&w=2

Url: http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Url: http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Url: http://marc.info/?l=bugtraq&m=139757919027752&w=2

Url: http://marc.info/?l=bugtraq&m=139905405728262&w=2

Url: http://marc.info/?l=bugtraq&m=139774703817488&w=2

Url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Url: http://marc.info/?l=bugtraq&m=139836085512508&w=2

Url: http://www.securitytracker.com/id/1030074

Url: http://www.securitytracker.com/id/1030077

Url: http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Url: http://marc.info/?l=bugtraq&m=139808058921905&w=2

Url: http://www.securitytracker.com/id/1030079

Url: https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Url: http://www.securitytracker.com/id/1030078

Url: https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Url: https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Url: http://marc.info/?l=bugtraq&m=140075368411126&w=2

Url: http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Url: http://secunia.com/advisories/59243

Url: http://marc.info/?l=bugtraq&m=142660345230545&w=2

Url: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Url: http://secunia.com/advisories/57347

Url: http://support.citrix.com/article/CTX140605

Url: http://www.kerio.com/support/kerio-control/release-history

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Url: http://www.splunk.com/view/SP-CAAAMB3

Url: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Url: http://marc.info/?l=bugtraq&m=139905653828999&w=2

Url: http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

Url: http://secunia.com/advisories/59139

Url: http://marc.info/?l=bugtraq&m=139905868529690&w=2

Url: http://rhn.redhat.com/errata/RHSA-2014-0377.html

Url: http://www.us-cert.gov/ncas/alerts/TA14-098A

Url: http://marc.info/?l=bugtraq&m=139757819327350&w=2

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

Url: http://marc.info/?l=bugtraq&m=139817782017443&w=2

Url: http://www.securityfocus.com/archive/1/534161/100/0/threaded

Url: https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

Url: http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Url: http://marc.info/?l=bugtraq&m=139889113431619&w=2

Url: http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Url: http://seclists.org/fulldisclosure/2014/Apr/109

Url: http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Url: http://secunia.com/advisories/57483

Url: http://heartbleed.com/

Url: http://marc.info/?l=bugtraq&m=140752315422991&w=2

Url: https://www.cert.fi/en/reports/2014/vulnerability788210.html

Url: http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Url: http://marc.info/?l=bugtraq&m=139842151128341&w=2

Url: http://marc.info/?l=bugtraq&m=139835844111589&w=2

Url: http://seclists.org/fulldisclosure/2014/Apr/90

Url: http://seclists.org/fulldisclosure/2014/Apr/190

Url: http://marc.info/?l=bugtraq&m=139869891830365&w=2

Url: http://seclists.org/fulldisclosure/2014/Apr/91

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

Url: http://marc.info/?l=bugtraq&m=139843768401936&w=2

Url: http://www.exploit-db.com/exploits/32764

Url: http://marc.info/?l=bugtraq&m=139758572430452&w=2

Url: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

Url: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

Url: http://cogentdatahub.com/ReleaseNotes.html

Url: http://www.securitytracker.com/id/1030080

Url: https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Url: http://www.securitytracker.com/id/1030082

Url: http://www.securitytracker.com/id/1030081

Url: https://www.mend.io/vulnerability-database/CVE-2014-0160

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us