CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
Link Resource
http://advisories.mageia.org/MGASA-2014-0165.html Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ Third Party Advisory
http://cogentdatahub.com/ReleaseNotes.html Release Notes Third Party Advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 Broken Link
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
http://heartbleed.com/ Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139757726426985&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139757819327350&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139765756720506&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139817727317190&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139833395230364&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139843768401936&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139869720529462&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905405728262&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905653828999&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140015787404650&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140724451518351&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2 Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.html Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/109 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/173 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/190 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/90 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/91 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List Third Party Advisory
http://secunia.com/advisories/57347 Third Party Advisory
http://secunia.com/advisories/57483 Third Party Advisory
http://secunia.com/advisories/57721 Third Party Advisory
http://secunia.com/advisories/57836 Third Party Advisory
http://secunia.com/advisories/57966 Third Party Advisory
http://secunia.com/advisories/57968 Third Party Advisory
http://secunia.com/advisories/59139 Third Party Advisory
http://secunia.com/advisories/59243 Third Party Advisory
http://secunia.com/advisories/59347 Third Party Advisory
http://support.citrix.com/article/CTX140605 Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21670161 Broken Link
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf Third Party Advisory
http://www.blackberry.com/btsc/KB35882 Broken Link
http://www.debian.org/security/2014/dsa-2896 Third Party Advisory
http://www.exploit-db.com/exploits/32745 Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/32764 Exploit Third Party Advisory VDB Entry
http://www.f-secure.com/en/web/labs_global/fsc-2014-1 Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ Third Party Advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ Third Party Advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf Not Applicable
http://www.kb.cert.org/vuls/id/720951 Third Party Advisory US Government Resource
http://www.kerio.com/support/kerio-control/release-history Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 Third Party Advisory
http://www.openssl.org/news/secadv_20140407.txt Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Not Applicable Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/66690 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030026 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030074 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030077 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030078 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030079 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030080 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030081 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030082 Third Party Advisory VDB Entry
http://www.splunk.com/view/SP-CAAAMB3 Third Party Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 Third Party Advisory
http://www.ubuntu.com/usn/USN-2165-1 Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-098A Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Not Applicable
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Not Applicable
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1084875 Issue Tracking Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf Third Party Advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85 Third Party Advisory
https://filezilla-project.org/versions.php?type=server Release Notes Third Party Advisory
https://gist.github.com/chapmajs/10473815 Third Party Advisory
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken Broken Link
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html Third Party Advisory
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html Exploit Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 Third Party Advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html Third Party Advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 Third Party Advisory
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*

Configuration 11 (hide)

OR cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 12 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 13 (hide)

OR cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Configuration 14 (hide)

OR cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 15 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*

History

07 Nov 2023, 02:18

Type Values Removed Values Added
References
  • {'url': 'http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3', 'name': 'http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E -
  • () http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3 -
  • () https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E -
  • () https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E -
  • () https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E -

10 Feb 2023, 16:58

Type Values Removed Values Added
CWE CWE-119 CWE-125
First Time Ricon s9922l Firmware
Ricon
Ricon s9922l
CPE cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
References (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - Not Applicable (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - Not Applicable, Third Party Advisory, VDB Entry
References (MISC) https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd - (MISC) https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd - Exploit, Third Party Advisory

15 Nov 2022, 21:15

Type Values Removed Values Added
References
  • (MISC) https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd -

Information

Published : 2014-04-07 22:55

Updated : 2023-12-10 11:31


NVD link : CVE-2014-0160

Mitre link : CVE-2014-0160

CVE.ORG link : CVE-2014-0160


JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_server_tus
  • enterprise_linux_workstation
  • enterprise_linux_server_eus
  • virtualization
  • storage
  • enterprise_linux_server_aus
  • gluster_storage

siemens

  • application_processing_engine
  • simatic_s7-1500t
  • application_processing_engine_firmware
  • wincc_open_architecture
  • simatic_s7-1500
  • cp_1543-1_firmware
  • simatic_s7-1500_firmware
  • simatic_s7-1500t_firmware
  • cp_1543-1
  • elan-8.2

openssl

  • openssl

ricon

  • s9922l
  • s9922l_firmware

intellian

  • v60
  • v100_firmware
  • v100
  • v60_firmware

canonical

  • ubuntu_linux

mitel

  • mivoice
  • micollab

debian

  • debian_linux

filezilla-project

  • filezilla_server

fedoraproject

  • fedora

opensuse

  • opensuse
CWE
CWE-125

Out-of-bounds Read