PT-2014-1894 · Openssl+6 · Openssl+6

Published: 2014-04-07 · Updated: 2026-03-10 · CVE-2014-0160

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.1 through 1.0.1f

Description: The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, allowing remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys.

Recommendations: For OpenSSL versions 1.0.1 through 1.0.1f, update to version 1.0.1g or later to resolve the issue. As a temporary workaround, consider disabling the Heartbeat Extension feature until a patch is available. Restrict access to sensitive information and private keys to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related identifiers

ALSA-2025_16880
ALT-PU-2014-1451
BDU:2015-09760
CESA-2014_0376
CVE-2014-0160
DSA-2896-1
ELSA-2014-0376
HEARTBLEEDCHECK
MGASA-2014-0165
MGASA-2014-0256
OPENSUSE-SU-2014_0492-1
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10289-1
OPENSUSE-SU-2024:10423-1
OPENSUSE-SU-2024:10528-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:10580-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:0376
RHSA-2014:0377
RHSA-2014:0378
RHSA-2014:0396
RHSA-2014:0416
RHSA-2014_0376
SUSE-FU-2022:0445-1
SUSE-RU-2015:0769-1
SUSE-SU-2015:0546-1
SUSE-SU-2015:1185-1

Affected products

ALT Linux
CentOS
Huawei VRP
OpenSSL
Opera
Red Hat
SUSE