PT-2014-1894 · Openssl+6

Published: 2014-04-07 · Updated: 2026-03-10 · CVE-2014-0160

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSSL versions 1.0.1 through 1.0.1f

Description

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, allowing remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read. This can be demonstrated by reading private keys.

Recommendations

For OpenSSL versions 1.0.1 through 1.0.1f, update to version 1.0.1g or later to resolve the issue. As a temporary workaround, consider disabling the Heartbeat Extension feature until a patch is available. Restrict access to sensitive information and private keys to minimize the risk of exploitation.
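
The length check whose absence produces the buffer over-read in the description, as an added C example (not OpenSSL's code and not part of this advisory). The function names and the simplified request-only handling are assumptions; the message layout and the 16-byte minimum padding come from RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HDR      3   /* 1-byte type + 2-byte payload_length */
#define HB_PAD      16  /* minimum padding required by RFC 6520 */

/* rec_len is the byte count the record layer actually received. Returns 0 and
 * sets payload/payload_len, or -1 when the message must be discarded. */
int hb_parse(const uint8_t *rec, size_t rec_len,
             const uint8_t **payload, size_t *payload_len)
{
    if (rec == NULL || rec_len < HB_HDR + HB_PAD || rec[0] != HB_REQUEST)
        return -1;       /* too short, or not a request */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Without this check the sender's length is trusted and the copy over-reads. */
    if (claimed > rec_len - HB_HDR - HB_PAD)
        return -1;
    *payload = rec + HB_HDR;
    *payload_len = claimed;
    return 0;
}

/* Echo the payload into out. Returns bytes written, or 0 when discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    const uint8_t *p;
    size_t n;
    if (hb_parse(rec, rec_len, &p, &n) != 0 || HB_HDR + n + HB_PAD > cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(n >> 8);
    out[2] = (uint8_t)(n & 0xff);
    memcpy(out + HB_HDR, p, n);
    memset(out + HB_HDR + n, 0, HB_PAD);  /* real padding is random bytes */
    return HB_HDR + n + HB_PAD;
}

int main(void)
{
    /* Constructed samples: both are 24 bytes; they claim 5 and 16384 bytes. */
    uint8_t ok[24] = {1, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t bad[24] = {1, 0x40, 0x00, 'h', 'e', 'l', 'l', 'o'};
    uint8_t out[64];
    printf("consistent: %zu bytes\n", hb_respond(ok, sizeof ok, out, sizeof out));
    printf("oversized claim: %zu bytes\n", hb_respond(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The response size is always derived from the bytes received, so a message whose declared payload length exceeds the record is dropped instead of being echoed from adjacent memory.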

Exploit

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2014-1451
BDU:2015-09760
CESA-2014_0376
CVE-2014-0160
DSA-2896-1
ELSA-2014-0376
HEARTBLEEDCHECK
MGASA-2014-0165
MGASA-2014-0256
OPENSUSE-SU-2014_0492-1
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10289-1
OPENSUSE-SU-2024:10423-1
OPENSUSE-SU-2024:10528-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:10580-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:0376
RHSA-2014:0377
RHSA-2014:0378
RHSA-2014:0396
RHSA-2014:0416
RHSA-2014_0376
SUSE-FU-2022:0445-1
SUSE-RU-2015:0769-1
SUSE-SU-2015:0546-1
SUSE-SU-2015:1185-1

Affected Products

Alt Linux
Centos
Huawei Vrp
Openssl
Opera
Red Hat
Suse