CVE-2014-0160
openssl - security update
CVSS 3.1: 7.5 HIGH
⚠ KEV | EPSS 94.5%
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
How to fix CVE-2014-0160
To remediate CVE-2014-0160, upgrade the affected package to a fixed version below.
- upgrade to 1.0.1g-1 or later
- upgrade to 1.0.1e-2+deb7u5 or later
Is CVE-2014-0160 being exploited?
Yes — CVE-2014-0160 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (2)
- from 0, < 1.0.1g-1
- from 0, < 1.0.1e-2+deb7u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |