Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2014-0160 | Mondoo Vulnerability Intelligence

CVE-2014-0160

HIGH7.5

The (1) TLS and (2) DTLS implementations in OpenSSL 1

Published Apr 7, 2014

Modified 2 months ago

No fix available

Details

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

References

WEBhttp://advisories.mageia.org/MGASA-2014-0165.html WEBhttp://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/WEBhttp://cogentdatahub.com/ReleaseNotes.html WEBhttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 WEBhttp://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3 WEBhttp://heartbleed.com/ADVISORYhttp://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html ADVISORYhttp://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html ADVISORYhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html ADVISORYhttp://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html ADVISORYhttp://marc.info/?l=bugtraq&m=139722163017074&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139757726426985&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139757819327350&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139757919027752&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139758572430452&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139765756720506&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139774054614965&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139774703817488&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139808058921905&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139817685517037&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139817727317190&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139817782017443&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139824923705461&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139824993005633&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139833395230364&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139835815211508&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139835844111589&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139836085512508&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139842151128341&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139843768401936&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139869720529462&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139869891830365&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139889113431619&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139889295732144&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905202427693&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905243827825&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905295427946&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905351928096&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905405728262&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905458328378&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905653828999&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=139905868529690&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=140015787404650&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=140075368411126&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=140724451518351&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=140752315422991&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=141287864628122&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=142660345230545&w=2 WEBhttp://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 WEBhttp://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 ADVISORYhttp://rhn.redhat.com/errata/RHSA-2014-0376.html ADVISORYhttp://rhn.redhat.com/errata/RHSA-2014-0377.html ADVISORYhttp://rhn.redhat.com/errata/RHSA-2014-0378.html ADVISORYhttp://rhn.redhat.com/errata/RHSA-2014-0396.html WEBhttp://seclists.org/fulldisclosure/2014/Apr/109 WEBhttp://seclists.org/fulldisclosure/2014/Apr/173 WEBhttp://seclists.org/fulldisclosure/2014/Apr/190 WEBhttp://seclists.org/fulldisclosure/2014/Apr/90 WEBhttp://seclists.org/fulldisclosure/2014/Apr/91 WEBhttp://seclists.org/fulldisclosure/2014/Dec/23 ADVISORYhttp://secunia.com/advisories/57347 ADVISORYhttp://secunia.com/advisories/57483 ADVISORYhttp://secunia.com/advisories/57721 ADVISORYhttp://secunia.com/advisories/57836 ADVISORYhttp://secunia.com/advisories/57966 ADVISORYhttp://secunia.com/advisories/57968 ADVISORYhttp://secunia.com/advisories/59139 ADVISORYhttp://secunia.com/advisories/59243 ADVISORYhttp://secunia.com/advisories/59347 WEBhttp://support.citrix.com/article/CTX140605 ADVISORYhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed WEBhttp://www-01.ibm.com/support/docview.wss?uid=isg400001841 WEBhttp://www-01.ibm.com/support/docview.wss?uid=isg400001843 WEBhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 WEBhttp://www-01.ibm.com/support/docview.wss?uid=swg21670161 WEBhttp://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf WEBhttp://www.blackberry.com/btsc/KB35882 ADVISORYhttp://www.debian.org/security/2014/dsa-2896 DETECTIONhttp://www.exploit-db.com/exploits/32745 DETECTIONhttp://www.exploit-db.com/exploits/32764 WEBhttp://www.f-secure.com/en/web/labs_global/fsc-2014-1 WEBhttp://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/WEBhttp://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/WEBhttp://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/WEBhttp://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/WEBhttp://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf ADVISORYhttp://www.kb.cert.org/vuls/id/720951 WEBhttp://www.kerio.com/support/kerio-control/release-history ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:062 WEBhttp://www.openssl.org/news/secadv_20140407.txt WEBhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html WEBhttp://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html WEBhttp://www.securityfocus.com/archive/1/534161/100/0/threaded WEBhttp://www.securityfocus.com/bid/66690 WEBhttp://www.securitytracker.com/id/1030026 WEBhttp://www.securitytracker.com/id/1030074 WEBhttp://www.securitytracker.com/id/1030077 WEBhttp://www.securitytracker.com/id/1030078 WEBhttp://www.securitytracker.com/id/1030079 WEBhttp://www.securitytracker.com/id/1030080 WEBhttp://www.securitytracker.com/id/1030081 WEBhttp://www.securitytracker.com/id/1030082 WEBhttp://www.splunk.com/view/SP-CAAAMB3 WEBhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 ADVISORYhttp://www.ubuntu.com/usn/USN-2165-1 ADVISORYhttp://www.us-cert.gov/ncas/alerts/TA14-098A WEBhttp://www.vmware.com/security/advisories/VMSA-2014-0012.html WEBhttp://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 WEBhttps://blog.torproject.org/blog/openssl-bug-cve-2014-0160 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1084875 WEBhttps://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf WEBhttps://code.google.com/p/mod-spdy/issues/detail?id=85 WEBhttps://filezilla-project.org/versions.php?type=server WEBhttps://gist.github.com/chapmajs/10473815 ADVISORYhttps://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken WEBhttps://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E WEBhttps://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E WEBhttps://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E WEBhttps://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E WEBhttps://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html WEBhttps://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html WEBhttps://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html WEBhttps://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 WEBhttps://www.cert.fi/en/reports/2014/vulnerability788210.html WEBhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2014-0160 WEBhttps://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 WEBhttps://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Ecosystems

Timeline

PublishedApr 7, 2014

ModifiedOct 22, 2025