Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-0160

Опубликовано: 07 апр. 2014
Источник: ubuntu
Приоритет: high
CVSS2: 5
CVSS3: 7.5

Описание

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

РелизСтатусПримечание
devel

released

1.0.1f-1ubuntu2
lucid

not-affected

code not present
precise

released

1.0.1-4ubuntu5.12
quantal

released

1.0.1c-3ubuntu2.7
saucy

released

1.0.1e-3ubuntu1.2
upstream

released

1.0.1g

Показывать по

РелизСтатусПримечание
devel

not-affected

lucid

DNE

precise

not-affected

quantal

not-affected

saucy

not-affected

upstream

not-affected

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2014-0160

redhat
больше 11 лет назад

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

nvd логотип

CVE-2014-0160

CVSS3: 7.5
nvd
больше 11 лет назад

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

debian логотип

CVE-2014-0160

CVSS3: 7.5
debian
больше 11 лет назад

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1 ...

github логотип

GHSA-w8r8-w5w4-4w4v

CVSS3: 7.5
github
больше 3 лет назад

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

oracle-oval логотип

ELSA-2014-0376

oracle-oval
больше 11 лет назад

ELSA-2014-0376: openssl security update (IMPORTANT)

5 Medium

CVSS2

7.5 High

CVSS3