The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
History
07 Nov 2023, 02:18
Type | Values Removed | Values Added |
---|---|---|
References | | |
10 Feb 2023, 16:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
First Time | Ricon s9922l Firmware, Ricon Ricon s9922l | |
CPE | cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:* cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:* | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - Not Applicable, Third Party Advisory, VDB Entry | |
References | (MISC) https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd - Exploit, Third Party Advisory |
15 Nov 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2014-04-07 22:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-0160
Mitre link : CVE-2014-0160
CVE.ORG link : CVE-2014-0160
Products Affected
openssl
- openssl
intellian
- v60
- v60_firmware
- v100_firmware
- v100
debian
- debian_linux
ricon
- s9922l_firmware
- s9922l
siemens
- cp_1543-1_firmware
- simatic_s7-1500t
- simatic_s7-1500t_firmware
- application_processing_engine_firmware
- simatic_s7-1500
- elan-8.2
- simatic_s7-1500_firmware
- wincc_open_architecture
- application_processing_engine
- cp_1543-1
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- gluster_storage
- virtualization
- enterprise_linux_server_eus
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
- storage
filezilla-project
- filezilla_server
fedoraproject
- fedora
mitel
- mivoice
- micollab
canonical
- ubuntu_linux
opensuse
- opensuse
CWE
CWE-125
Out-of-bounds Read