CVE-2014-0160


2025. április 16. 10:40

OpenSSL Information Disclosure sebezhetősége
Angol cím: OpenSSL Information Disclosure Vulnerability

Publikálás dátuma: 2025.04.16.
Utolsó módosítás dátuma: 2025.04.16.

Leírás

A program a puffer határa előtt vagy után olvas adatokat a memóriából.

Leírás forrása: CWE-125 Leírás utolsó módosítása: 2024.11.19.

Elemzés leírás

Eredeti nyelven: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Elemzés leírás forrása: CVE-2014-0160 Elemzés leírás utolsó módosítása: 2025.04.12.

Hatás

CVSS3.1 Súlyosság és Metrika

Base score: 7.5 (Magas)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality Impact (C): High
Integrity Impact (I): None
Availability Impact (A): None

Hivatkozások

mageia.org
fox-it.com
cogentdatahub.com
heartbleed.com
opensuse.org
marc.info

Sérülékeny szoftverek

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* From (including) 1.0.1 Up to (excluding) 1.0.1g
cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:* Up to (excluding) 0.9.44
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:* Up to (excluding) 8.3.3
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* From (including) 6.0.0 Up to (excluding) 6.0.3

Címkék

OpenSSL OpenSSL Software Foundation

Legfrissebb sérülékenységek
CVE-2026-27636 – FreeScout sérülékenysége
CVE-2026-28289 – FreeScout sérülékenysége
CVE-2026-21385 – Qualcomm integer overflow sérülékenysége
CVE-2026-26935 – Kibana sérülékenység
CVE-2026-20127 – Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass sérülékenység
CVE-2022-20775 – Cisco SD-WAN Path Traversal sérülékenység
CVE-2026-21902 – Junos OS Evolved sérülékenység
CVE-2026-22719 – VMware Aria Operations sérülékenység
CVE-2026-21241 – Windows Ancillary Function Driver for WinSock Elevation of Privilege sérülékenység
CVE-2025-40540 – SolarWinds Serv-U Type Confusion Remote Code Execution sérülékenység
Tovább a sérülékenységekhez »