CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Published: 2014-04-07 22:55
Updated: 2019-10-09 23:09

CVSS Score: 5.0 / 10
Vendor Product Version URI
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta2
Openssl Openssl 1.0.1d cpe:/a:openssl:openssl:1.0.1d
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta1
Openssl Openssl 1.0.1f cpe:/a:openssl:openssl:1.0.1f
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta3
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1
Openssl Openssl 1.0.2 cpe:/a:openssl:openssl:1.0.2:beta1
Openssl Openssl 1.0.1a cpe:/a:openssl:openssl:1.0.1a
Openssl Openssl 1.0.1c cpe:/a:openssl:openssl:1.0.1c
Openssl Openssl 1.0.1b cpe:/a:openssl:openssl:1.0.1b
Openssl Openssl 1.0.1e cpe:/a:openssl:openssl:1.0.1e

CWE

ID: CWE-119
Name: Improper Restriction of Operations within the Bounds of a Memory Buffer
Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

Source Link
SUSE http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
BUGTRAQ http://www.securityfocus.com/archive/1/534161/100/0/threaded
HP http://marc.info/?l=bugtraq&m=142660345230545&w=2
CONFIRM https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
FULLDISC http://seclists.org/fulldisclosure/2014/Apr/91
HP http://marc.info/?l=bugtraq&m=139758572430452&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
CONFIRM http://www.kerio.com/support/kerio-control/release-history
UBUNTU http://www.ubuntu.com/usn/USN-2165-1
MLIST https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
CONFIRM http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
MISC https://www.cert.fi/en/reports/2014/vulnerability788210.html
MLIST https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
HP http://marc.info/?l=bugtraq&m=139889113431619&w=2
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
HP http://marc.info/?l=bugtraq&m=139833395230364&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
HP http://marc.info/?l=bugtraq&m=139842151128341&w=2
HP http://marc.info/?l=bugtraq&m=139817727317190&w=2
HP http://marc.info/?l=bugtraq&m=139835815211508&w=2
HP http://marc.info/?l=bugtraq&m=139757919027752&w=2
CONFIRM http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
CONFIRM http://advisories.mageia.org/MGASA-2014-0165.html
HP http://marc.info/?l=bugtraq&m=139835844111589&w=2
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
HP http://marc.info/?l=bugtraq&m=139869891830365&w=2
HP http://marc.info/?l=bugtraq&m=139824993005633&w=2
HP http://marc.info/?l=bugtraq&m=139843768401936&w=2
HP http://marc.info/?l=bugtraq&m=139836085512508&w=2
HP http://marc.info/?l=bugtraq&m=139757726426985&w=2
HP http://marc.info/?l=bugtraq&m=139817685517037&w=2
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
HP http://marc.info/?l=bugtraq&m=139824923705461&w=2
HP http://marc.info/?l=bugtraq&m=139808058921905&w=2
HP http://marc.info/?l=bugtraq&m=139869720529462&w=2
CONFIRM http://cogentdatahub.com/ReleaseNotes.html
HP http://marc.info/?l=bugtraq&m=139765756720506&w=2
MISC http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
HP http://marc.info/?l=bugtraq&m=139757819327350&w=2
MISC http://heartbleed.com/
HP http://marc.info/?l=bugtraq&m=139722163017074&w=2
HP http://marc.info/?l=bugtraq&m=139774703817488&w=2
HP http://marc.info/?l=bugtraq&m=139774054614965&w=2
HP http://marc.info/?l=bugtraq&m=139817782017443&w=2
FULLDISC http://seclists.org/fulldisclosure/2014/Apr/109
CONFIRM http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
HP http://marc.info/?l=bugtraq&m=139889295732144&w=2
SECUNIA http://secunia.com/advisories/59139
CONFIRM http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
CONFIRM http://www.blackberry.com/btsc/KB35882
CONFIRM http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
HP http://marc.info/?l=bugtraq&m=139905295427946&w=2
EXPLOIT-DB http://www.exploit-db.com/exploits/32764
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CERT-VN http://www.kb.cert.org/vuls/id/720951
CONFIRM http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
CONFIRM http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
SECUNIA http://secunia.com/advisories/59243
HP http://marc.info/?l=bugtraq&m=139905202427693&w=2
HP http://marc.info/?l=bugtraq&m=141287864628122&w=2
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0378.html
FULLDISC http://seclists.org/fulldisclosure/2014/Apr/173
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0377.html
CONFIRM http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
HP http://marc.info/?l=bugtraq&m=139905868529690&w=2
SECUNIA http://secunia.com/advisories/59347
HP http://marc.info/?l=bugtraq&m=140752315422991&w=2
HP http://marc.info/?l=bugtraq&m=140724451518351&w=2
HP http://marc.info/?l=bugtraq&m=140075368411126&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0396.html
HP http://marc.info/?l=bugtraq&m=139905653828999&w=2
FULLDISC http://seclists.org/fulldisclosure/2014/Apr/90
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
HP http://marc.info/?l=bugtraq&m=139905458328378&w=2
FULLDISC http://seclists.org/fulldisclosure/2014/Dec/23
HP http://marc.info/?l=bugtraq&m=139905243827825&w=2
CONFIRM http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
HP http://marc.info/?l=bugtraq&m=140015787404650&w=2
EXPLOIT-DB http://www.exploit-db.com/exploits/32745
HP http://marc.info/?l=bugtraq&m=139905405728262&w=2
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
FULLDISC http://seclists.org/fulldisclosure/2014/Apr/190
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21670161
DEBIAN http://www.debian.org/security/2014/dsa-2896
CONFIRM http://www.f-secure.com/en/web/labs_global/fsc-2014-1
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0376.html
HP http://marc.info/?l=bugtraq&m=139905351928096&w=2
CONFIRM http://www.openssl.org/news/secadv_20140407.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1084875
MLIST https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
SECTRACK http://www.securitytracker.com/id/1030079
CONFIRM https://code.google.com/p/mod-spdy/issues/detail?id=85
CONFIRM http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
CONFIRM https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
BID http://www.securityfocus.com/bid/66690
CERT http://www.us-cert.gov/ncas/alerts/TA14-098A
MISC https://gist.github.com/chapmajs/10473815
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
MISC https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
SECTRACK http://www.securitytracker.com/id/1030074
SECTRACK http://www.securitytracker.com/id/1030078
CONFIRM http://www.splunk.com/view/SP-CAAAMB3
CONFIRM https://filezilla-project.org/versions.php?type=server
SECTRACK http://www.securitytracker.com/id/1030026
SECTRACK http://www.securitytracker.com/id/1030082
SECTRACK http://www.securitytracker.com/id/1030077
SECTRACK http://www.securitytracker.com/id/1030080
SECTRACK http://www.securitytracker.com/id/1030081
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
HP https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CONFIRM http://support.citrix.com/article/CTX140605
CONFIRM https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

History of changes

Date Event
2019-09-27 18:22
2019-03-25 11:34
2019-03-21 15:54
2018-10-23 21:29
2018-10-09 19:36
2017-12-16 02:29
2017-11-15 02:29
2014-04-07 22:55 New CVE