CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0160

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score47.6430%
EPSS Percentile92.33th
PublishedApr 7, 2014
Last ModifiedApr 21, 2026

Vulnerability Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Affected Platforms (CPE)

πŸ“¦
Openssl

Openssl

>= 1.0.1 and < 1.0.1g
πŸ“¦
Filezilla Project

Filezilla Server

< 0.9.44
πŸ’»
Siemens

Application Processing Engine Firmware

= 2.0
πŸ’»
Siemens

Cp 1543 1 Firmware

= 1.1
πŸ’»
Siemens

Simatic S7 1500 Firmware

= 1.5
πŸ’»
Siemens

Simatic S7 1500t Firmware

= 1.5
πŸ“¦
Siemens

Elan 8.2

< 8.3.3
πŸ“¦
Siemens

Wincc Open Architecture

= 3.12
πŸ’»
Intellian

V100 Firmware

= 1.20
πŸ’»
Intellian

V100 Firmware

= 1.21
πŸ’»
Intellian

V100 Firmware

= 1.24
πŸ’»
Intellian

V60 Firmware

= 1.15
πŸ’»
Intellian

V60 Firmware

= 1.25
πŸ“¦
Mitel

Micollab

= 6.0
πŸ“¦
Mitel

Micollab

= 7.0
πŸ“¦
Mitel

Micollab

= 7.1
πŸ“¦
Mitel

Micollab

= 7.2
πŸ“¦
Mitel

Micollab

= 7.3
πŸ“¦
Mitel

Micollab

= 7.3.0.104
πŸ“¦
Mitel

Mivoice

= 1.1.2.5
πŸ“¦
Mitel

Mivoice

= 1.1.3.3
πŸ“¦
Mitel

Mivoice

= 1.2.0.11
πŸ“¦
Mitel

Mivoice

= 1.3.2.2
πŸ“¦
Mitel

Mivoice

= 1.4.0.102
πŸ’»
Opensuse

Opensuse

= 12.3
πŸ’»
Opensuse

Opensuse

= 13.1
πŸ’»
Canonical

Ubuntu Linux

= 12.04
πŸ’»
Canonical

Ubuntu Linux

= 12.10
πŸ’»
Canonical

Ubuntu Linux

= 13.10
πŸ’»
Fedoraproject

Fedora

= 19
πŸ’»
Fedoraproject

Fedora

= 20
πŸ“¦
Redhat

Gluster Storage

= 2.1
πŸ“¦
Redhat

Storage

= 2.1
πŸ“¦
Redhat

Virtualization

= 6.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Server Aus

= 6.5
πŸ’»
Redhat

Enterprise Linux Server Eus

= 6.5
πŸ’»
Redhat

Enterprise Linux Server Tus

= 6.5
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0
πŸ’»
Debian

Debian Linux

= 6.0
πŸ’»
Debian

Debian Linux

= 7.0
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Ricon

S9922l Firmware

= 16.10.3\(3794\)
πŸ“¦
Broadcom

Symantec Messaging Gateway

= 10.6.0
πŸ“¦
Broadcom

Symantec Messaging Gateway

= 10.6.1
πŸ“¦
Splunk

Splunk

>= 6.0.0 and < 6.0.3

References & Advisories

πŸ”— http://advisories.mageia.org/MGASA-2014-0165.html
πŸ”— http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
πŸ”— http://cogentdatahub.com/ReleaseNotes.html
πŸ”— http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
πŸ”— http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
πŸ”— http://heartbleed.com/
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

Related Vulnerabilities

CVE-2006-373810.0

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions h...

CVE-2009-324510.0

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/...

CVE-2004-060710.0

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could ...

CVE-2019-102119.8

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code ...