CVE - CVE-2014-0160

CVE-ID
CVE-2014-0160	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded EXPLOIT-DB:32745 URL:http://www.exploit-db.com/exploits/32745 EXPLOIT-DB:32764 URL:http://www.exploit-db.com/exploits/32764 FULLDISC:20140408 Re: heartbleed OpenSSL bug CVE-2014-0160 URL:http://seclists.org/fulldisclosure/2014/Apr/91 FULLDISC:20140408 heartbleed OpenSSL bug CVE-2014-0160 URL:http://seclists.org/fulldisclosure/2014/Apr/90 FULLDISC:20140409 Re: heartbleed OpenSSL bug CVE-2014-0160 URL:http://seclists.org/fulldisclosure/2014/Apr/109 FULLDISC:20140412 Re: heartbleed OpenSSL bug CVE-2014-0160 URL:http://seclists.org/fulldisclosure/2014/Apr/190 FULLDISC:20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL URL:http://seclists.org/fulldisclosure/2014/Apr/173 FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 MLIST:[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released URL:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html MISC:http://heartbleed.com/ MISC:http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ MISC:https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 MISC:https://gist.github.com/chapmajs/10473815 MISC:https://www.cert.fi/en/reports/2014/vulnerability788210.html CONFIRM:http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 CONFIRM:http://www.openssl.org/news/secadv_20140407.txt CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1084875 CONFIRM:http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21670161 CONFIRM:http://www.blackberry.com/btsc/KB35882 CONFIRM:http://www.splunk.com/view/SP-CAAAMB3 CONFIRM:https://code.google.com/p/mod-spdy/issues/detail?id=85 CONFIRM:http://www.f-secure.com/en/web/labs_global/fsc-2014-1 CONFIRM:http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ CONFIRM:http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ CONFIRM:http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ CONFIRM:http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ CONFIRM:http://cogentdatahub.com/ReleaseNotes.html CONFIRM:http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 CONFIRM:http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 CONFIRM:http://www.kerio.com/support/kerio-control/release-history CONFIRM:http://advisories.mageia.org/MGASA-2014-0165.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001841 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001843 CONFIRM:https://filezilla-project.org/versions.php?type=server CONFIRM:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 CONFIRM:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 CONFIRM:http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 CONFIRM:http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf CONFIRM:http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf CONFIRM:http://support.citrix.com/article/CTX140605 CONFIRM:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html CONFIRM:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 CISCO:20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed DEBIAN:DSA-2896 URL:http://www.debian.org/security/2014/dsa-2896 FEDORA:FEDORA-2014-4879 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html FEDORA:FEDORA-2014-4910 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html FEDORA:FEDORA-2014-9308 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html HP:HPSBMU02995 URL:http://marc.info/?l=bugtraq&m=139722163017074&w=2 HP:HPSBMU03009 URL:http://marc.info/?l=bugtraq&m=139905458328378&w=2 HP:HPSBMU03022 URL:http://marc.info/?l=bugtraq&m=139869891830365&w=2 HP:HPSBMU03024 URL:http://marc.info/?l=bugtraq&m=139889113431619&w=2 HP:HPSBST03000 URL:https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken HP:HPSBHF03136 URL:http://marc.info/?l=bugtraq&m=141287864628122&w=2 HP:HPSBHF03293 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 HP:SSRT101846 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 HP:HPSBGN03008 URL:http://marc.info/?l=bugtraq&m=139774054614965&w=2 HP:HPSBGN03010 URL:http://marc.info/?l=bugtraq&m=139774703817488&w=2 HP:HPSBGN03011 URL:http://marc.info/?l=bugtraq&m=139833395230364&w=2 HP:HPSBHF03021 URL:http://marc.info/?l=bugtraq&m=139835815211508&w=2 HP:HPSBMU02994 URL:http://marc.info/?l=bugtraq&m=139757726426985&w=2 HP:HPSBMU02997 URL:http://marc.info/?l=bugtraq&m=139757919027752&w=2 HP:HPSBMU02998 URL:http://marc.info/?l=bugtraq&m=139757819327350&w=2 HP:HPSBMU02999 URL:http://marc.info/?l=bugtraq&m=139765756720506&w=2 HP:HPSBMU03012 URL:http://marc.info/?l=bugtraq&m=139808058921905&w=2 HP:HPSBMU03013 URL:http://marc.info/?l=bugtraq&m=139824993005633&w=2 HP:HPSBMU03017 URL:http://marc.info/?l=bugtraq&m=139817727317190&w=2 HP:HPSBMU03018 URL:http://marc.info/?l=bugtraq&m=139817782017443&w=2 HP:HPSBMU03019 URL:http://marc.info/?l=bugtraq&m=139817685517037&w=2 HP:HPSBMU03020 URL:http://marc.info/?l=bugtraq&m=139836085512508&w=2 HP:HPSBMU03023 URL:http://marc.info/?l=bugtraq&m=139843768401936&w=2 HP:HPSBMU03025 URL:http://marc.info/?l=bugtraq&m=139869720529462&w=2 HP:HPSBMU03028 URL:http://marc.info/?l=bugtraq&m=139905243827825&w=2 HP:HPSBMU03029 URL:http://marc.info/?l=bugtraq&m=139905202427693&w=2 HP:HPSBMU03030 URL:http://marc.info/?l=bugtraq&m=139905351928096&w=2 HP:HPSBMU03032 URL:http://marc.info/?l=bugtraq&m=139905405728262&w=2 HP:HPSBMU03033 URL:http://marc.info/?l=bugtraq&m=139905295427946&w=2 HP:HPSBMU03037 URL:http://marc.info/?l=bugtraq&m=140724451518351&w=2 HP:HPSBMU03040 URL:http://marc.info/?l=bugtraq&m=140015787404650&w=2 HP:HPSBMU03044 URL:http://marc.info/?l=bugtraq&m=140075368411126&w=2 HP:HPSBMU03062 URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2 HP:HPSBPI03014 URL:http://marc.info/?l=bugtraq&m=139835844111589&w=2 HP:HPSBPI03031 URL:http://marc.info/?l=bugtraq&m=139889295732144&w=2 HP:HPSBST03001 URL:http://marc.info/?l=bugtraq&m=139758572430452&w=2 HP:HPSBST03004 URL:http://marc.info/?l=bugtraq&m=139905653828999&w=2 HP:HPSBST03015 URL:http://marc.info/?l=bugtraq&m=139824923705461&w=2 HP:HPSBST03016 URL:http://marc.info/?l=bugtraq&m=139842151128341&w=2 HP:HPSBST03027 URL:http://marc.info/?l=bugtraq&m=139905868529690&w=2 MANDRIVA:MDVSA-2015:062 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 REDHAT:RHSA-2014:0376 URL:http://rhn.redhat.com/errata/RHSA-2014-0376.html REDHAT:RHSA-2014:0377 URL:http://rhn.redhat.com/errata/RHSA-2014-0377.html REDHAT:RHSA-2014:0378 URL:http://rhn.redhat.com/errata/RHSA-2014-0378.html REDHAT:RHSA-2014:0396 URL:http://rhn.redhat.com/errata/RHSA-2014-0396.html SUSE:SUSE-SA:2014:002 URL:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html SUSE:openSUSE-SU-2014:0492 URL:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html SUSE:openSUSE-SU-2014:0560 URL:http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html UBUNTU:USN-2165-1 URL:http://www.ubuntu.com/usn/USN-2165-1 CERT:TA14-098A URL:http://www.us-cert.gov/ncas/alerts/TA14-098A CERT-VN:VU#720951 URL:http://www.kb.cert.org/vuls/id/720951 BID:66690 URL:http://www.securityfocus.com/bid/66690 SECTRACK:1030026 URL:http://www.securitytracker.com/id/1030026 SECTRACK:1030074 URL:http://www.securitytracker.com/id/1030074 SECTRACK:1030077 URL:http://www.securitytracker.com/id/1030077 SECTRACK:1030078 URL:http://www.securitytracker.com/id/1030078 SECTRACK:1030079 URL:http://www.securitytracker.com/id/1030079 SECTRACK:1030080 URL:http://www.securitytracker.com/id/1030080 SECTRACK:1030081 URL:http://www.securitytracker.com/id/1030081 SECTRACK:1030082 URL:http://www.securitytracker.com/id/1030082 SECUNIA:57347 URL:http://secunia.com/advisories/57347 SECUNIA:57483 URL:http://secunia.com/advisories/57483 SECUNIA:57721 URL:http://secunia.com/advisories/57721 SECUNIA:57836 URL:http://secunia.com/advisories/57836 SECUNIA:57966 URL:http://secunia.com/advisories/57966 SECUNIA:57968 URL:http://secunia.com/advisories/57968 SECUNIA:59243 URL:http://secunia.com/advisories/59243 SECUNIA:59139 URL:http://secunia.com/advisories/59139 SECUNIA:59347 URL:http://secunia.com/advisories/59347
Assigning CNA
N/A
Date Entry Created
20131203	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org