CVE-2014-0160

ADVISORY - nist

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

EPSS Score: 0.97414 (1.000)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Out-of-bounds Read

ADVISORY - redhat

Improper Restriction of Operations within the Bounds of a Memory Buffer

Improper Handling of Length Parameter Inconsistency

Insertion of Sensitive Information Into Sent Data


NIST

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Amazon

CREATED

UPDATED

ADVISORY IDALAS-2014-320
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Acritical

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5high

SUSE

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Oracle

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2014-0160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

CISA

CREATED

UPDATED

ADVISORY ID

CVE-2014-0160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

vulncheck

CREATED

UPDATED

ADVISORY ID

CVE-2014-0160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY