Sign In

CVE-2014-0160

ADVISORY - nist

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

EPSS Score: 0.97414 (1.000)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-125

Out-of-bounds Read

ADVISORY - redhat

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-130

Improper Handling of Length Parameter Inconsistency

CWE-201

Insertion of Sensitive Information Into Sent Data

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-125

CVSS SCORE

7.5high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Amazon

CREATED

UPDATED

ADVISORY IDALAS-2014-320
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Acritical

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-119CWE-130CWE-201

CVSS SCORE

5high

SUSE

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2014-0376
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

CISA

CREATED

UPDATED

ADVISORY ID

CVE-2014-0160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

vulncheck

CREATED

UPDATED

ADVISORY ID

CVE-2014-0160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY