Detections
Analytics
CVE-2014-0160
high
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25
https://www.threatdown.com/blog/five-years-later-heartbleed-vulnerability-still-unpatched/
https://www.theregister.com/2017/01/23/heartbleed_2017/
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
https://filezilla-project.org/versions.php?type=server
https://code.google.com/p/mod-spdy/issues/detail?id=85
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
http://www.us-cert.gov/ncas/alerts/TA14-098A
http://www.ubuntu.com/usn/USN-2165-1
http://www.splunk.com/view/SP-CAAAMB3
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.kb.cert.org/vuls/id/720951
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.debian.org/security/2014/dsa-2896
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
http://support.citrix.com/article/CTX140605
http://seclists.org/fulldisclosure/2014/Dec/23
http://seclists.org/fulldisclosure/2014/Apr/91
http://seclists.org/fulldisclosure/2014/Apr/90
http://seclists.org/fulldisclosure/2014/Apr/190
http://seclists.org/fulldisclosure/2014/Apr/173
http://seclists.org/fulldisclosure/2014/Apr/109
http://rhn.redhat.com/errata/RHSA-2014-0396.html
http://rhn.redhat.com/errata/RHSA-2014-0378.html
http://rhn.redhat.com/errata/RHSA-2014-0377.html
http://rhn.redhat.com/errata/RHSA-2014-0376.html
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=141287864628122&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://marc.info/?l=bugtraq&m=140724451518351&w=2
http://marc.info/?l=bugtraq&m=140075368411126&w=2
http://marc.info/?l=bugtraq&m=140015787404650&w=2
http://marc.info/?l=bugtraq&m=139905868529690&w=2
http://marc.info/?l=bugtraq&m=139905653828999&w=2
http://marc.info/?l=bugtraq&m=139905458328378&w=2
http://marc.info/?l=bugtraq&m=139905405728262&w=2
http://marc.info/?l=bugtraq&m=139905351928096&w=2
http://marc.info/?l=bugtraq&m=139905295427946&w=2
http://marc.info/?l=bugtraq&m=139905243827825&w=2
http://marc.info/?l=bugtraq&m=139905202427693&w=2
http://marc.info/?l=bugtraq&m=139889295732144&w=2
http://marc.info/?l=bugtraq&m=139889113431619&w=2
http://marc.info/?l=bugtraq&m=139869891830365&w=2
http://marc.info/?l=bugtraq&m=139869720529462&w=2
http://marc.info/?l=bugtraq&m=139843768401936&w=2
http://marc.info/?l=bugtraq&m=139842151128341&w=2
http://marc.info/?l=bugtraq&m=139836085512508&w=2
http://marc.info/?l=bugtraq&m=139835844111589&w=2
http://marc.info/?l=bugtraq&m=139835815211508&w=2
http://marc.info/?l=bugtraq&m=139833395230364&w=2
http://marc.info/?l=bugtraq&m=139824993005633&w=2
http://marc.info/?l=bugtraq&m=139824923705461&w=2
http://marc.info/?l=bugtraq&m=139817782017443&w=2
http://marc.info/?l=bugtraq&m=139817727317190&w=2
http://marc.info/?l=bugtraq&m=139817685517037&w=2
http://marc.info/?l=bugtraq&m=139808058921905&w=2
http://marc.info/?l=bugtraq&m=139774703817488&w=2
http://marc.info/?l=bugtraq&m=139774054614965&w=2
http://marc.info/?l=bugtraq&m=139765756720506&w=2
http://marc.info/?l=bugtraq&m=139758572430452&w=2
http://marc.info/?l=bugtraq&m=139757919027752&w=2
http://marc.info/?l=bugtraq&m=139757819327350&w=2
http://marc.info/?l=bugtraq&m=139757726426985&w=2
http://marc.info/?l=bugtraq&m=139722163017074&w=2
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://cogentdatahub.com/ReleaseNotes.html
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/