QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0160

Published: Apr 7, 2014

Modified: Oct 22, 2025

PUBLISHED

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

vdb-entry

20140408 heartbleed OpenSSL bug CVE-2014-0160

mailing-list

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

third-party-advisory

http://www.splunk.com/view/SP-CAAAMB3

vendor-advisory

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

vendor-advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

openSUSE-SU-2014:0492

vendor-advisory

vendor-advisory

20140409 Re: heartbleed OpenSSL bug CVE-2014-0160

mailing-list

vendor-advisory

vdb-entry

third-party-advisory

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

vendor-advisory

vendor-advisory

vdb-entry

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

https://filezilla-project.org/versions.php?type=server

vendor-advisory

third-party-advisory

20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

vendor-advisory

http://www.kerio.com/support/kerio-control/release-history

http://advisories.mageia.org/MGASA-2014-0165.html

http://www.blackberry.com/btsc/KB35882

vendor-advisory

vendor-advisory

vendor-advisory

vdb-entry

FEDORA-2014-4879

vendor-advisory

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

FEDORA-2014-4910

vendor-advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

FEDORA-2014-9308

vendor-advisory

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

vendor-advisory

vdb-entry

vendor-advisory

vendor-advisory

vendor-advisory

https://code.google.com/p/mod-spdy/issues/detail?id=85

vendor-advisory

vendor-advisory

vendor-advisory

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

http://heartbleed.com/

vendor-advisory

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

vendor-advisory

http://cogentdatahub.com/ReleaseNotes.html

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

third-party-advisory

third-party-advisory

[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released

mailing-list

20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL

mailing-list

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

vendor-advisory

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

SUSE-SA:2014:002

vendor-advisory

exploit

vendor-advisory

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

20140408 Re: heartbleed OpenSSL bug CVE-2014-0160

mailing-list

vdb-entry

third-party-advisory

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

https://www.cert.fi/en/reports/2014/vulnerability788210.html

third-party-advisory

third-party-advisory

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

openSUSE-SU-2014:0560

vendor-advisory

vendor-advisory

vdb-entry

vendor-advisory

exploit

20140412 Re: heartbleed OpenSSL bug CVE-2014-0160

mailing-list

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

vendor-advisory

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

http://www.openssl.org/news/secadv_20140407.txt

https://gist.github.com/chapmajs/10473815

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

vdb-entry

http://support.citrix.com/article/CTX140605

third-party-advisory

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

third-party-advisory

vdb-entry

third-party-advisory

[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/

mailing-list

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/

mailing-list

https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.