CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Published date: 2014-04-07T22:55Z
Last modification date: 2023-02-10T16:58Z
Assigner: secalert@redhat.com
Problem type: CWE-125

Impact

CVSS v3 vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name | URL | Source | Tags
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 | http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 | CONFIRM | Patch, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1084875 | https://bugzilla.redhat.com/show_bug.cgi?id=1084875 | CONFIRM | Issue Tracking, Third Party Advisory
http://www.openssl.org/news/secadv_20140407.txt | http://www.openssl.org/news/secadv_20140407.txt | CONFIRM | Vendor Advisory
http://heartbleed.com/ | http://heartbleed.com/ | MISC | Third Party Advisory
1030078 | http://www.securitytracker.com/id/1030078 | SECTRACK | Third Party Advisory, VDB Entry
20140409 Re: heartbleed OpenSSL bug CVE-2014-0160 | http://seclists.org/fulldisclosure/2014/Apr/109 | FULLDISC | Mailing List, Third Party Advisory
20140412 Re: heartbleed OpenSSL bug CVE-2014-0160 | http://seclists.org/fulldisclosure/2014/Apr/190 | FULLDISC | Mailing List, Third Party Advisory
[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released | https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html | MLIST | Third Party Advisory
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html | http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html | CONFIRM | Third Party Advisory
RHSA-2014:0376 | http://rhn.redhat.com/errata/RHSA-2014-0376.html | REDHAT | Third Party Advisory
RHSA-2014:0396 | http://rhn.redhat.com/errata/RHSA-2014-0396.html | REDHAT | Third Party Advisory
1030082 | http://www.securitytracker.com/id/1030082 | SECTRACK | Third Party Advisory, VDB Entry
57347 | http://secunia.com/advisories/57347 | SECUNIA | Third Party Advisory
HPSBMU02995 | http://marc.info/?l=bugtraq&m=139722163017074&w=2 | HP | Third Party Advisory
1030077 | http://www.securitytracker.com/id/1030077 | SECTRACK | Third Party Advisory, VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21670161 | http://www-01.ibm.com/support/docview.wss?uid=swg21670161 | CONFIRM | Broken Link
DSA-2896 | http://www.debian.org/security/2014/dsa-2896 | DEBIAN | Third Party Advisory
RHSA-2014:0377 | http://rhn.redhat.com/errata/RHSA-2014-0377.html | REDHAT | Third Party Advisory
1030080 | http://www.securitytracker.com/id/1030080 | SECTRACK | Third Party Advisory, VDB Entry
FEDORA-2014-4879 | http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html | FEDORA | Third Party Advisory
1030074 | http://www.securitytracker.com/id/1030074 | SECTRACK | Third Party Advisory, VDB Entry
20140408 heartbleed OpenSSL bug CVE-2014-0160 | http://seclists.org/fulldisclosure/2014/Apr/90 | FULLDISC | Mailing List, Third Party Advisory
1030081 | http://www.securitytracker.com/id/1030081 | SECTRACK | Third Party Advisory, VDB Entry
20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed | CISCO | Third Party Advisory
RHSA-2014:0378 | http://rhn.redhat.com/errata/RHSA-2014-0378.html | REDHAT | Third Party Advisory
20140408 Re: heartbleed OpenSSL bug CVE-2014-0160 | http://seclists.org/fulldisclosure/2014/Apr/91 | FULLDISC | Mailing List, Third Party Advisory
57483 | http://secunia.com/advisories/57483 | SECUNIA | Third Party Advisory
http://www.splunk.com/view/SP-CAAAMB3 | http://www.splunk.com/view/SP-CAAAMB3 | CONFIRM | Third Party Advisory
FEDORA-2014-4910 | http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html | FEDORA | Third Party Advisory
1030079 | http://www.securitytracker.com/id/1030079 | SECTRACK | Third Party Advisory, VDB Entry
openSUSE-SU-2014:0492 | http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html | SUSE | Mailing List, Third Party Advisory
57721 | http://secunia.com/advisories/57721 | SECUNIA | Third Party Advisory
http://www.blackberry.com/btsc/KB35882 | http://www.blackberry.com/btsc/KB35882 | CONFIRM | Broken Link
1030026 | http://www.securitytracker.com/id/1030026 | SECTRACK | Third Party Advisory, VDB Entry
SUSE-SA:2014:002 | http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html | SUSE | Mailing List, Third Party Advisory
66690 | http://www.securityfocus.com/bid/66690 | BID | Third Party Advisory, VDB Entry
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ | http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ | CONFIRM | Third Party Advisory
TA14-098A | http://www.us-cert.gov/ncas/alerts/TA14-098A | CERT | Third Party Advisory, US Government Resource
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ | http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ | CONFIRM | Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ | http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ | MISC | Third Party Advisory
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 | https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 | MISC | Third Party Advisory
57966 | http://secunia.com/advisories/57966 | SECUNIA | Third Party Advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-1 | http://www.f-secure.com/en/web/labs_global/fsc-2014-1 | CONFIRM | Third Party Advisory
20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL | http://seclists.org/fulldisclosure/2014/Apr/173 | FULLDISC | Mailing List, Third Party Advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ | http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ | CONFIRM | Third Party Advisory
57968 | http://secunia.com/advisories/57968 | SECUNIA | Third Party Advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85 | https://code.google.com/p/mod-spdy/issues/detail?id=85 | CONFIRM | Third Party Advisory
32745 | http://www.exploit-db.com/exploits/32745 | EXPLOIT-DB | Exploit, Third Party Advisory, VDB Entry
VU#720951 | http://www.kb.cert.org/vuls/id/720951 | CERT-VN | Third Party Advisory, US Government Resource
https://www.cert.fi/en/reports/2014/vulnerability788210.html | https://www.cert.fi/en/reports/2014/vulnerability788210.html | MISC | Third Party Advisory
32764 | http://www.exploit-db.com/exploits/32764 | EXPLOIT-DB | Exploit, Third Party Advisory, VDB Entry
57836 | http://secunia.com/advisories/57836 | SECUNIA | Third Party Advisory
https://gist.github.com/chapmajs/10473815 | https://gist.github.com/chapmajs/10473815 | MISC | Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ | http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ | CONFIRM | Third Party Advisory
http://cogentdatahub.com/ReleaseNotes.html | http://cogentdatahub.com/ReleaseNotes.html | CONFIRM | Release Notes, Third Party Advisory
HPSBMU03009 | http://marc.info/?l=bugtraq&m=139905458328378&w=2 | HP | Third Party Advisory
HPSBMU03022 | http://marc.info/?l=bugtraq&m=139869891830365&w=2 | HP | Third Party Advisory
HPSBMU03024 | http://marc.info/?l=bugtraq&m=139889113431619&w=2 | HP | Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 | http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 | CONFIRM | Third Party Advisory
http://www.kerio.com/support/kerio-control/release-history | http://www.kerio.com/support/kerio-control/release-history | CONFIRM | Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 | http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 | CONFIRM | Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0165.html | http://advisories.mageia.org/MGASA-2014-0165.html | CONFIRM | Third Party Advisory
HPSBST03000 | https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken | HP | Broken Link
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM | Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | CONFIRM | Third Party Advisory
https://filezilla-project.org/versions.php?type=server | https://filezilla-project.org/versions.php?type=server | CONFIRM | Release Notes, Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | CONFIRM | Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 | https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 | CONFIRM | Third Party Advisory
HPSBHF03136 | http://marc.info/?l=bugtraq&m=141287864628122&w=2 | HP | Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | http://seclists.org/fulldisclosure/2014/Dec/23 | FULLDISC | Mailing List, Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html | http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM | Not Applicable
SSRT101846 | http://marc.info/?l=bugtraq&m=142660345230545&w=2 | HP | Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 | http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 | CONFIRM | Not Applicable
MDVSA-2015:062 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 | MANDRIVA | Third Party Advisory
HPSBMU03017 | http://marc.info/?l=bugtraq&m=139817727317190&w=2 | HP | Third Party Advisory
HPSBMU02994 | http://marc.info/?l=bugtraq&m=139757726426985&w=2 | HP | Third Party Advisory
HPSBST03001 | http://marc.info/?l=bugtraq&m=139758572430452&w=2 | HP | Third Party Advisory
HPSBST03004 | http://marc.info/?l=bugtraq&m=139905653828999&w=2 | HP | Third Party Advisory
HPSBST03016 | http://marc.info/?l=bugtraq&m=139842151128341&w=2 | HP | Third Party Advisory
HPSBMU03032 | http://marc.info/?l=bugtraq&m=139905405728262&w=2 | HP | Third Party Advisory
HPSBGN03011 | http://marc.info/?l=bugtraq&m=139833395230364&w=2 | HP | Third Party Advisory
HPSBMU03013 | http://marc.info/?l=bugtraq&m=139824993005633&w=2 | HP | Third Party Advisory
HPSBMU03023 | http://marc.info/?l=bugtraq&m=139843768401936&w=2 | HP | Third Party Advisory
HPSBMU03029 | http://marc.info/?l=bugtraq&m=139905202427693&w=2 | HP | Third Party Advisory
HPSBGN03008 | http://marc.info/?l=bugtraq&m=139774054614965&w=2 | HP | Third Party Advisory
HPSBPI03031 | http://marc.info/?l=bugtraq&m=139889295732144&w=2 | HP | Third Party Advisory
HPSBHF03021 | http://marc.info/?l=bugtraq&m=139835815211508&w=2 | HP | Third Party Advisory
HPSBMU03037 | http://marc.info/?l=bugtraq&m=140724451518351&w=2 | HP | Third Party Advisory
HPSBMU03012 | http://marc.info/?l=bugtraq&m=139808058921905&w=2 | HP | Third Party Advisory
HPSBMU03020 | http://marc.info/?l=bugtraq&m=139836085512508&w=2 | HP | Third Party Advisory
HPSBMU03025 | http://marc.info/?l=bugtraq&m=139869720529462&w=2 | HP | Third Party Advisory
HPSBST03027 | http://marc.info/?l=bugtraq&m=139905868529690&w=2 | HP | Third Party Advisory
HPSBMU02999 | http://marc.info/?l=bugtraq&m=139765756720506&w=2 | HP | Third Party Advisory
HPSBMU03040 | http://marc.info/?l=bugtraq&m=140015787404650&w=2 | HP | Third Party Advisory
HPSBST03015 | http://marc.info/?l=bugtraq&m=139824923705461&w=2 | HP | Third Party Advisory
HPSBMU02997 | http://marc.info/?l=bugtraq&m=139757919027752&w=2 | HP | Third Party Advisory
HPSBGN03010 | http://marc.info/?l=bugtraq&m=139774703817488&w=2 | HP | Third Party Advisory
HPSBMU03028 | http://marc.info/?l=bugtraq&m=139905243827825&w=2 | HP | Third Party Advisory
HPSBMU03044 | http://marc.info/?l=bugtraq&m=140075368411126&w=2 | HP | Third Party Advisory
HPSBMU03033 | http://marc.info/?l=bugtraq&m=139905295427946&w=2 | HP | Third Party Advisory
HPSBPI03014 | http://marc.info/?l=bugtraq&m=139835844111589&w=2 | HP | Third Party Advisory
HPSBMU02998 | http://marc.info/?l=bugtraq&m=139757819327350&w=2 | HP | Third Party Advisory
HPSBMU03019 | http://marc.info/?l=bugtraq&m=139817685517037&w=2 | HP | Third Party Advisory
HPSBMU03030 | http://marc.info/?l=bugtraq&m=139905351928096&w=2 | HP | Third Party Advisory
HPSBMU03018 | http://marc.info/?l=bugtraq&m=139817782017443&w=2 | HP | Third Party Advisory
HPSBMU03062 | http://marc.info/?l=bugtraq&m=140752315422991&w=2 | HP | Third Party Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 | http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 | CONFIRM | Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 | http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 | CONFIRM | Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf | http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf | CONFIRM | Not Applicable
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf | http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf | CONFIRM | Third Party Advisory
59347 | http://secunia.com/advisories/59347 | SECUNIA | Third Party Advisory
59243 | http://secunia.com/advisories/59243 | SECUNIA | Third Party Advisory
59139 | http://secunia.com/advisories/59139 | SECUNIA | Third Party Advisory
FEDORA-2014-9308 | http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html | FEDORA | Mailing List, Third Party Advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 | http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 | CONFIRM | Broken Link
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html | https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html | CONFIRM | Third Party Advisory
http://support.citrix.com/article/CTX140605 | http://support.citrix.com/article/CTX140605 | CONFIRM | Third Party Advisory
USN-2165-1 | http://www.ubuntu.com/usn/USN-2165-1 | UBUNTU | Third Party Advisory
openSUSE-SU-2014:0560 | http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html | SUSE | Mailing List, Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | http://www.securityfocus.com/archive/1/534161/100/0/threaded | BUGTRAQ | Not Applicable, Third Party Advisory, VDB Entry
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 | https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 | CONFIRM | Third Party Advisory
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ | https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E | MLIST | Mailing List, Patch, Third Party Advisory
[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ | https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E | MLIST | Mailing List, Patch, Third Party Advisory
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html | https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html | MISC | Exploit, Third Party Advisory
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ | https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E | MLIST | Mailing List, Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf | https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf | CONFIRM | Third Party Advisory
[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ | https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E | MLIST | Mailing List, Patch, Third Party Advisory
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd | https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd | MISC | Exploit, Third Party Advisory