CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 03, 2013
Published Date
April 07, 2014
Last Updated
February 07, 2025
Vendor
n/a
Product
n/a
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2022-05-04 00:00:00 UTC)
Proof of Concept Available
Yes (added 2020-12-09 15:08:21 UTC)

References

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
http://www.securitytracker.com/id/1030077
http://seclists.org/fulldisclosure/2014/Apr/90
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.debian.org/security/2014/dsa-2896
http://marc.info/?l=bugtraq&m=139774054614965&w=2
http://marc.info/?l=bugtraq&m=139889113431619&w=2
http://rhn.redhat.com/errata/RHSA-2014-0396.html
http://marc.info/?l=bugtraq&m=139835815211508&w=2
http://marc.info/?l=bugtraq&m=141287864628122&w=2
http://www.kb.cert.org/vuls/id/720951
http://www.splunk.com/view/SP-CAAAMB3
http://marc.info/?l=bugtraq&m=139905295427946&w=2
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://marc.info/?l=bugtraq&m=139833395230364&w=2
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://seclists.org/fulldisclosure/2014/Apr/109
http://marc.info/?l=bugtraq&m=140724451518351&w=2
http://www.securitytracker.com/id/1030080
http://secunia.com/advisories/57836
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://marc.info/?l=bugtraq&m=139808058921905&w=2
http://marc.info/?l=bugtraq&m=139758572430452&w=2
http://www.securityfocus.com/bid/66690
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
https://filezilla-project.org/versions.php?type=server
http://marc.info/?l=bugtraq&m=139843768401936&w=2
http://secunia.com/advisories/57483
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
http://www.kerio.com/support/kerio-control/release-history
http://advisories.mageia.org/MGASA-2014-0165.html
http://www.blackberry.com/btsc/KB35882
http://marc.info/?l=bugtraq&m=140075368411126&w=2
http://marc.info/?l=bugtraq&m=139905351928096&w=2
http://www.securitytracker.com/id/1030081
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://marc.info/?l=bugtraq&m=139824993005633&w=2
http://www.securitytracker.com/id/1030079
http://rhn.redhat.com/errata/RHSA-2014-0377.html
http://marc.info/?l=bugtraq&m=139722163017074&w=2
http://marc.info/?l=bugtraq&m=139889295732144&w=2
https://code.google.com/p/mod-spdy/issues/detail?id=85
http://marc.info/?l=bugtraq&m=139765756720506&w=2
http://marc.info/?l=bugtraq&m=139774703817488&w=2
http://marc.info/?l=bugtraq&m=139905202427693&w=2
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://heartbleed.com/
http://marc.info/?l=bugtraq&m=139817782017443&w=2
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
http://marc.info/?l=bugtraq&m=140015787404650&w=2
http://cogentdatahub.com/ReleaseNotes.html
http://marc.info/?l=bugtraq&m=139869720529462&w=2
http://marc.info/?l=bugtraq&m=139842151128341&w=2
http://marc.info/?l=bugtraq&m=139905243827825&w=2
http://marc.info/?l=bugtraq&m=139905458328378&w=2
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
http://www.us-cert.gov/ncas/alerts/TA14-098A
http://secunia.com/advisories/57347
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
http://seclists.org/fulldisclosure/2014/Apr/173
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://seclists.org/fulldisclosure/2014/Dec/23
http://marc.info/?l=bugtraq&m=139905653828999&w=2
http://www.ubuntu.com/usn/USN-2165-1
http://rhn.redhat.com/errata/RHSA-2014-0378.html
http://marc.info/?l=bugtraq&m=139757919027752&w=2
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
http://www.exploit-db.com/exploits/32764
http://marc.info/?l=bugtraq&m=139757726426985&w=2
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
http://marc.info/?l=bugtraq&m=139869891830365&w=2
http://marc.info/?l=bugtraq&m=139905868529690&w=2
http://marc.info/?l=bugtraq&m=139817685517037&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://seclists.org/fulldisclosure/2014/Apr/91
http://www.securitytracker.com/id/1030078
http://secunia.com/advisories/59243
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://marc.info/?l=bugtraq&m=139836085512508&w=2
http://marc.info/?l=bugtraq&m=139824923705461&w=2
http://rhn.redhat.com/errata/RHSA-2014-0376.html
http://marc.info/?l=bugtraq&m=139835844111589&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
https://www.cert.fi/en/reports/2014/vulnerability788210.html
http://secunia.com/advisories/57721
http://secunia.com/advisories/57968
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
http://marc.info/?l=bugtraq&m=139905405728262&w=2
http://www.securitytracker.com/id/1030082
http://marc.info/?l=bugtraq&m=139757819327350&w=2
http://www.exploit-db.com/exploits/32745
http://seclists.org/fulldisclosure/2014/Apr/190
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://marc.info/?l=bugtraq&m=139817727317190&w=2
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www.openssl.org/news/secadv_20140407.txt
https://gist.github.com/chapmajs/10473815
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://www.securitytracker.com/id/1030074
http://support.citrix.com/article/CTX140605
http://secunia.com/advisories/59139
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://secunia.com/advisories/57966
http://www.securitytracker.com/id/1030026
http://secunia.com/advisories/59347
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-05-04 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

yashfren/CVE-2014-0160-HeartBleed

Type: github • Created: 2024-09-20 13:44:54 UTC • Stars: 0

MrE-Fog/CVE-2014-0160-Chrome-Plugin

Type: github • Created: 2023-04-30 13:56:47 UTC • Stars: 0

n3rdh4x0r/CVE-2014-0160_Heartbleed

Type: github • Created: 2022-04-24 11:53:16 UTC • Stars: 0

WildfootW/CVE-2014-0160_OpenSSL_1.0.1f_Heartbleed

Type: github • Created: 2020-12-09 15:08:21 UTC • Stars: 0

artofscripting-zz/cmty-ssl-heartbleed-CVE-2014-0160-HTTP-HTTPS

Type: github • Created: 2019-04-02 17:08:01 UTC • Stars: 0

caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC

Type: github • Created: 2018-11-08 02:50:28 UTC • Stars: 0

From: https://www.freebuf.com/articles/web/31700.html

Xyl2k/CVE-2014-0160-Chrome-Plugin

Type: github • Created: 2016-02-16 15:49:55 UTC • Stars: 1

Heartbleed

0x90/CVE-2014-0160

Type: github • Created: 2014-04-10 02:47:43 UTC • Stars: 6

Heartbleed variants

obayesshelton/CVE-2014-0160-Scanner

Type: github • Created: 2014-04-08 14:22:36 UTC • Stars: 0

jdauphant/patch-openssl-CVE-2014-0160

Type: github • Created: 2014-04-08 09:19:49 UTC • Stars: 19

Patch openssl #heartbleed with ansible