The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
Configuration 15 (hide)
|
Configuration 16 (hide)
AND |
|
History
No history.
Information
Published : 2014-04-07 22:55
Updated : 2024-02-04 18:35
NVD link : CVE-2014-0160
Mitre link : CVE-2014-0160
CVE.ORG link : CVE-2014-0160
JSON object : View
Products Affected
siemens
- wincc_open_architecture
- application_processing_engine
- simatic_s7-1500t_firmware
- cp_1543-1
- simatic_s7-1500
- elan-8.2
- cp_1543-1_firmware
- application_processing_engine_firmware
- simatic_s7-1500t
- simatic_s7-1500_firmware
redhat
- virtualization
- enterprise_linux_workstation
- enterprise_linux_server_tus
- enterprise_linux_server_aus
- enterprise_linux_server_eus
- enterprise_linux_server
- storage
- gluster_storage
- enterprise_linux_desktop
filezilla-project
- filezilla_server
mitel
- micollab
- mivoice
canonical
- ubuntu_linux
intellian
- v100_firmware
- v100
- v60_firmware
- v60
openssl
- openssl
ricon
- s9922l_firmware
- s9922l
debian
- debian_linux
fedoraproject
- fedora
opensuse
- opensuse
CWE
CWE-125
Out-of-bounds Read