CVE-2014-0160

Known Exploited Public Exploit

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Category

CVSS: 7.5
Severity: High
EPSS 94.47% Top 5%
KEV Since 
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 third party advisory
http://www.securitytracker.com/id/1030077 broken link third party advisory vdb entry
http://seclists.org/fulldisclosure/2014/Apr/90 third party advisory mailing list
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ third party advisory
http://www.debian.org/security/2014/dsa-2896 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2 vendor advisory mailing list third party advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2 vendor advisory mailing list third party advisory
http://www.kb.cert.org/vuls/id/720951 third party advisory us government resource
http://www.splunk.com/view/SP-CAAAMB3 third party advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2 vendor advisory mailing list third party advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 broken link
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf third party advisory broken link
http://marc.info/?l=bugtraq&m=139833395230364&w=2 vendor advisory mailing list third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21670161 broken link
http://www.vmware.com/security/advisories/VMSA-2014-0012.html broken link
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor advisory mailing list third party advisory
http://seclists.org/fulldisclosure/2014/Apr/109 third party advisory mailing list
http://marc.info/?l=bugtraq&m=140724451518351&w=2 vendor advisory mailing list third party advisory
http://www.securitytracker.com/id/1030080 broken link third party advisory vdb entry
http://secunia.com/advisories/57836 third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 third party advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2 vendor advisory mailing list third party advisory
http://www.securityfocus.com/bid/66690 broken link third party advisory vdb entry
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf not applicable
https://filezilla-project.org/versions.php?type=server release notes
http://marc.info/?l=bugtraq&m=139843768401936&w=2 vendor advisory mailing list third party advisory
http://secunia.com/advisories/57483 third party advisory broken link
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed third party advisory vendor advisory
http://www.kerio.com/support/kerio-control/release-history third party advisory broken link
http://advisories.mageia.org/MGASA-2014-0165.html third party advisory
http://www.blackberry.com/btsc/KB35882 broken link
http://marc.info/?l=bugtraq&m=140075368411126&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2 vendor advisory mailing list third party advisory
http://www.securitytracker.com/id/1030081 broken link third party advisory vdb entry
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html vendor advisory broken link third party advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded mailing list vdb entry not applicable broken link third party advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html vendor advisory broken link third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1084875 third party advisory issue tracking
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html vendor advisory mailing list third party advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 third party advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2 vendor advisory mailing list third party advisory
http://www.securitytracker.com/id/1030079 broken link third party advisory vdb entry
http://rhn.redhat.com/errata/RHSA-2014-0377.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2 vendor advisory mailing list third party advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85 issue tracking
http://marc.info/?l=bugtraq&m=139765756720506&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2 vendor advisory mailing list third party advisory
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ release notes
http://heartbleed.com/ third party advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2 vendor advisory mailing list third party advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 broken link
http://marc.info/?l=bugtraq&m=140015787404650&w=2 vendor advisory mailing list third party advisory
http://cogentdatahub.com/ReleaseNotes.html release notes
http://marc.info/?l=bugtraq&m=139869720529462&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2 vendor advisory mailing list third party advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-1 third party advisory broken link
http://www.us-cert.gov/ncas/alerts/TA14-098A third party advisory us government resource
http://secunia.com/advisories/57347 third party advisory broken link
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html third party advisory mailing list
http://seclists.org/fulldisclosure/2014/Apr/173 third party advisory mailing list
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 issue tracking
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html third party advisory patch
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html third party advisory patch
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html third party advisory
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3 broken link
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken vendor advisory broken link
http://seclists.org/fulldisclosure/2014/Dec/23 third party advisory mailing list
http://marc.info/?l=bugtraq&m=139905653828999&w=2 vendor advisory mailing list third party advisory
http://www.ubuntu.com/usn/USN-2165-1 third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2 vendor advisory mailing list third party advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html vendor advisory mailing list third party advisory
http://www.exploit-db.com/exploits/32764 third party advisory vdb entry exploit
http://marc.info/?l=bugtraq&m=139757726426985&w=2 vendor advisory mailing list third party advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 third party advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2 vendor advisory mailing list third party advisory
http://seclists.org/fulldisclosure/2014/Apr/91 third party advisory mailing list
http://www.securitytracker.com/id/1030078 broken link third party advisory vdb entry
http://secunia.com/advisories/59243 third party advisory broken link
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 third party advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2 vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2 vendor advisory mailing list third party advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2 vendor advisory mailing list third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 vendor advisory broken link third party advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html third party advisory not applicable
http://secunia.com/advisories/57721 third party advisory broken link
http://secunia.com/advisories/57968 third party advisory broken link
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ third party advisory issue tracking
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 third party advisory permissions required
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html vendor advisory mailing list third party advisory
http://marc.info/?l=bugtraq&m=139905405728262&w=2 vendor advisory mailing list third party advisory
http://www.securitytracker.com/id/1030082 broken link third party advisory vdb entry
http://marc.info/?l=bugtraq&m=139757819327350&w=2 vendor advisory mailing list third party advisory
http://www.exploit-db.com/exploits/32745 third party advisory vdb entry exploit
http://seclists.org/fulldisclosure/2014/Apr/190 third party advisory mailing list
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ release notes
http://marc.info/?l=bugtraq&m=139817727317190&w=2 vendor advisory mailing list third party advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 third party advisory
http://www.openssl.org/news/secadv_20140407.txt vendor advisory broken link
https://gist.github.com/chapmajs/10473815 exploit
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 third party advisory
http://www.securitytracker.com/id/1030074 broken link third party advisory vdb entry
http://support.citrix.com/article/CTX140605 third party advisory
http://secunia.com/advisories/59139 third party advisory broken link
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ release notes
http://secunia.com/advisories/57966 third party advisory broken link
http://www.securitytracker.com/id/1030026 broken link third party advisory vdb entry
http://secunia.com/advisories/59347 third party advisory broken link
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E patch mailing list third party advisory
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E patch mailing list third party advisory
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html third party advisory exploit permissions required
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E patch mailing list third party advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf third party advisory
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E patch mailing list third party advisory
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd broken link third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2014-0160?
CVE-2014-0160 has been scored as a high severity vulnerability.
How to fix CVE-2014-0160?
To fix CVE-2014-0160, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.
Is CVE-2014-0160 being actively exploited in the wild?
It is confirmed that CVE-2014-0160 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.