Vulnerability DatabaseCVE-2014-0160
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-0160
April 07, 2014
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Related Resources (132)
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://secunia.com/advisories/59139
http://secunia.com/advisories/57347
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://www.securityfocus.com/bid/66690
https://access.redhat.com/security/cve/CVE-2014-0160
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://marc.info/?l=bugtraq&m=139817782017443&w=2
http://marc.info/?l=bugtraq&m=139842151128341&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
http://seclists.org/fulldisclosure/2014/Dec/23
http://marc.info/?l=bugtraq&m=139824923705461&w=2
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
http://marc.info/?l=bugtraq&m=139765756720506&w=2
http://marc.info/?l=bugtraq&m=139905243827825&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
http://www.securitytracker.com/id/1030082
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
http://marc.info/?l=bugtraq&m=139905405728262&w=2
http://rhn.redhat.com/errata/RHSA-2014-0378.html
http://seclists.org/fulldisclosure/2014/Apr/109
http://marc.info/?l=bugtraq&m=139905202427693&w=2
http://secunia.com/advisories/57968
http://marc.info/?l=bugtraq&m=139835815211508&w=2
http://rhn.redhat.com/errata/RHSA-2014-0377.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.exploit-db.com/exploits/32745
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://marc.info/?l=bugtraq&m=139869720529462&w=2
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
http://support.citrix.com/article/CTX140605
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
https://security-tracker.debian.org/tracker/CVE-2014-0160
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://secunia.com/advisories/59347
http://marc.info/?l=bugtraq&m=139817727317190&w=2
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
http://marc.info/?l=bugtraq&m=139905868529690&w=2
http://marc.info/?l=bugtraq&m=139722163017074&w=2
https://code.google.com/p/mod-spdy/issues/detail?id=85
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=139757726426985&w=2
http://marc.info/?l=bugtraq&m=139757919027752&w=2
http://marc.info/?l=bugtraq&m=139905295427946&w=2
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
http://marc.info/?l=bugtraq&m=139817685517037&w=2
http://secunia.com/advisories/59243
http://marc.info/?l=bugtraq&m=139905351928096&w=2
http://seclists.org/fulldisclosure/2014/Apr/190
http://marc.info/?l=bugtraq&m=139905653828999&w=2
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0160
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
http://rhn.redhat.com/errata/RHSA-2014-0396.html
http://www.us-cert.gov/ncas/alerts/TA14-098A
http://marc.info/?l=bugtraq&m=139774054614965&w=2
http://marc.info/?l=bugtraq&m=139905458328378&w=2
http://www.securitytracker.com/id/1030026
http://heartbleed.com/
http://marc.info/?l=bugtraq&m=139758572430452&w=2
http://www.securitytracker.com/id/1030074
http://marc.info/?l=bugtraq&m=141287864628122&w=2
http://www.securitytracker.com/id/1030079
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
http://marc.info/?l=bugtraq&m=139774703817488&w=2
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/57721
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
http://marc.info/?l=bugtraq&m=139833395230364&w=2
http://advisories.mageia.org/MGASA-2014-0165.html
http://rhn.redhat.com/errata/RHSA-2014-0376.html
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
http://seclists.org/fulldisclosure/2014/Apr/173
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www.ubuntu.com/usn/USN-2165-1
http://www.blackberry.com/btsc/KB35882
http://marc.info/?l=bugtraq&m=140015787404650&w=2
http://secunia.com/advisories/57836
http://marc.info/?l=bugtraq&m=139869891830365&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
http://www.securitytracker.com/id/1030080
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
http://marc.info/?l=bugtraq&m=139843768401936&w=2
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
http://www.debian.org/security/2014/dsa-2896
http://marc.info/?l=bugtraq&m=139824993005633&w=2
http://seclists.org/fulldisclosure/2014/Apr/91
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
https://gist.github.com/chapmajs/10473815
http://cogentdatahub.com/ReleaseNotes.html
http://marc.info/?l=bugtraq&m=139835844111589&w=2
http://marc.info/?l=bugtraq&m=140075368411126&w=2
http://www.splunk.com/view/SP-CAAAMB3
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
http://marc.info/?l=bugtraq&m=139889295732144&w=2
http://secunia.com/advisories/57483
http://www.openssl.org/news/secadv_20140407.txt
http://marc.info/?l=bugtraq&m=140724451518351&w=2
http://marc.info/?l=bugtraq&m=139889113431619&w=2
http://marc.info/?l=bugtraq&m=139836085512508&w=2
http://www.kerio.com/support/kerio-control/release-history
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://secunia.com/advisories/57966
http://www.securitytracker.com/id/1030078
http://marc.info/?l=bugtraq&m=139757819327350&w=2
http://seclists.org/fulldisclosure/2014/Apr/90
http://www.kb.cert.org/vuls/id/720951
http://www.exploit-db.com/exploits/32764
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
https://filezilla-project.org/versions.php?type=server
http://marc.info/?l=bugtraq&m=139808058921905&w=2
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.securitytracker.com/id/1030077
http://www.securitytracker.com/id/1030081
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
ATTACKED
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Exploit Maturity
HIGH
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
94.46