CVE-2014-0160
ADVISORY - nistSummary
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
Debian
CREATED
UPDATED
ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Amazon
CREATED
UPDATED
ADVISORY IDALAS-2014-320
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
SUSE
CREATED
UPDATED
ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2014-0376
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CISA
CREATED
UPDATED
ADVISORY ID
CVE-2014-0160
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
vulncheck
CREATED
UPDATED
ADVISORY ID
CVE-2014-0160
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)-