The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
Link Providers
http://advisories.mageia.org/MGASA-2014-0165.html cve-icon cve-icon
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ cve-icon cve-icon
http://cogentdatahub.com/ReleaseNotes.html cve-icon cve-icon
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 cve-icon cve-icon
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3 cve-icon cve-icon
http://heartbleed.com/ cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139722163017074&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139757726426985&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139757819327350&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139757919027752&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139758572430452&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139765756720506&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139774054614965&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139774703817488&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139808058921905&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139817685517037&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139817727317190&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139817782017443&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139824923705461&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139824993005633&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139833395230364&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139835815211508&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139835844111589&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139836085512508&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139842151128341&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139843768401936&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139869720529462&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139869891830365&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139889113431619&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139889295732144&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905202427693&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905243827825&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905295427946&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905351928096&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905405728262&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905458328378&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905653828999&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139905868529690&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=140015787404650&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=140075368411126&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=140724451518351&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=140752315422991&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141287864628122&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142660345230545&w=2 cve-icon cve-icon
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 cve-icon cve-icon
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0376.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0377.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0378.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0396.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Apr/109 cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Apr/173 cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Apr/190 cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Apr/90 cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Apr/91 cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Dec/23 cve-icon cve-icon
http://secunia.com/advisories/57347 cve-icon cve-icon
http://secunia.com/advisories/57483 cve-icon cve-icon
http://secunia.com/advisories/57721 cve-icon cve-icon
http://secunia.com/advisories/57836 cve-icon cve-icon
http://secunia.com/advisories/57966 cve-icon cve-icon
http://secunia.com/advisories/57968 cve-icon cve-icon
http://secunia.com/advisories/59139 cve-icon cve-icon
http://secunia.com/advisories/59243 cve-icon cve-icon
http://secunia.com/advisories/59347 cve-icon cve-icon
http://support.citrix.com/article/CTX140605 cve-icon cve-icon
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21670161 cve-icon cve-icon
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf cve-icon cve-icon
http://www.blackberry.com/btsc/KB35882 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2896 cve-icon cve-icon
http://www.exploit-db.com/exploits/32745 cve-icon cve-icon
http://www.exploit-db.com/exploits/32764 cve-icon cve-icon
http://www.f-secure.com/en/web/labs_global/fsc-2014-1 cve-icon cve-icon
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ cve-icon cve-icon
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ cve-icon cve-icon
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ cve-icon cve-icon
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ cve-icon cve-icon
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf cve-icon cve-icon
http://www.kb.cert.org/vuls/id/720951 cve-icon cve-icon
http://www.kerio.com/support/kerio-control/release-history cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 cve-icon cve-icon
http://www.openssl.org/news/secadv_20140407.txt cve-icon cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/534161/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/66690 cve-icon cve-icon
http://www.securitytracker.com/id/1030026 cve-icon cve-icon
http://www.securitytracker.com/id/1030074 cve-icon cve-icon
http://www.securitytracker.com/id/1030077 cve-icon cve-icon
http://www.securitytracker.com/id/1030078 cve-icon cve-icon
http://www.securitytracker.com/id/1030079 cve-icon cve-icon
http://www.securitytracker.com/id/1030080 cve-icon cve-icon
http://www.securitytracker.com/id/1030081 cve-icon cve-icon
http://www.securitytracker.com/id/1030082 cve-icon cve-icon
http://www.splunk.com/view/SP-CAAAMB3 cve-icon cve-icon
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2165-1 cve-icon cve-icon
http://www.us-cert.gov/ncas/alerts/TA14-098A cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2014-0012.html cve-icon cve-icon
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 cve-icon cve-icon
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1084875 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf cve-icon cve-icon
https://code.google.com/p/mod-spdy/issues/detail?id=85 cve-icon cve-icon
https://filezilla-project.org/versions.php?type=server cve-icon cve-icon
https://gist.github.com/chapmajs/10473815 cve-icon cve-icon
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken cve-icon cve-icon
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-0160 cve-icon
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html cve-icon cve-icon
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html cve-icon cve-icon
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 cve-icon cve-icon
https://www.cert.fi/en/reports/2014/vulnerability788210.html cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-0160 cve-icon
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 cve-icon cve-icon
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd cve-icon cve-icon
History

Tue, 13 Aug 2024 23:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-07T00:00:00

Updated: 2024-08-06T09:05:39.056Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0160

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-04-07T22:55:03.893

Modified: 2024-11-21T02:01:30.317

Link: CVE-2014-0160

cve-icon Redhat

Severity : Important

Publid Date: 2014-04-07T00:00:00Z

Links: CVE-2014-0160 - Bugzilla