CVE-2014-0160

General

Score: 5.0/10.0
Severity: Medium
Category: Buffer Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: None
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2010-5298, CVE-2013-0169, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567

Published on 08/04/14 - Updated on 09/10/18

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability Database CVE-2014-0160
Amazon Linux ALAS-2014-320
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-197, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-201, CERTFR-2014-AVI-213
CentOS CESA-2014:0376
Debian DSA-2896-1
LibreOffice CVE-2014-0160
Oracle Linux ELSA-2014-0376, ELSA-2014-1652
Red Hat RHSA-2014:0376
Renater 2014/VULN102, 2014/VULN103, 2014/VULN104, 2014/VULN105, 2014/VULN111, 2014/VULN116, 2014/VULN148, 2014/VULN93
Ubuntu USN-2165-1

Exploits

Exploit-DB EDB-32745, EDB-32764, EDB-32791, EDB-32998
SecurityFocus BID-66690

Related technologies

Vendor: openssl
Product: openssl
