Sign In

CVE-2014-0160

SOURCE - nist

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

EPSS Score: 0.97485 (1.000)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-125

Out-of-bounds Read

SOURCE - redhat

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-130

Improper Handling of Length Parameter Inconsistency

CWE-201

Insertion of Sensitive Information Into Sent Data

Sources (9)

Impacted images

nist

CREATED

UPDATED

SOURCE IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-125

CVSS SCORE

7.5high

debian

CREATED

UPDATED

SOURCE IDCVE-2014-0160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

UPDATED

SOURCE IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

amazon

CREATED

UPDATED

SOURCE IDALAS-2014-320
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Acritical

redhat

CREATED

UPDATED

SOURCE IDCVE-2014-0160
EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-119CWE-130CWE-201

CVSS SCORE

5high

suse

CREATED

UPDATED

SOURCE IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

oracle

CREATED

UPDATED

SOURCE IDELSA-2014-0376
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

inthewild

CREATED

UPDATED

SOURCE IDCVE-2014-0160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

cisa

CREATED

UPDATED

SOURCE ID

CVE-2014-0160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE