CVE-2014-0160


április 16. 10:40

OpenSSL Information Disclosure sebezhetősége
Angol cím: OpenSSL Information Disclosure Vulnerability

Publikálás dátuma: 2025.04.16.
Utolsó módosítás dátuma: 2025.04.16.

Leírás

A program a puffer határa előtt vagy után olvas adatokat a memóriából.

Leírás forrása: CWE-125 Leírás utolsó módosítása: 2024.11.19.

Elemzés leírás

Eredeti nyelven: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Elemzés leírás forrása: CVE-2014-0160 Elemzés leírás utolsó módosítása: 2025.04.12.

Hatás

CVSS3.1 Súlyosság és Metrika

Base score: 7.5 (Magas)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality Impact (C): High
Integrity Impact (I): None
Availability Impact (A): None

Hivatkozások

mageia.org
fox-it.com
cogentdatahub.com
heartbleed.com
opensuse.org
marc.info

Sérülékeny szoftverek

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* From (including) 1.0.1 Up to (excluding) 1.0.1g
cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:* Up to (excluding) 0.9.44
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:* Up to (excluding) 8.3.3
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* From (including) 6.0.0 Up to (excluding) 6.0.3

Címkék

OpenSSL OpenSSL Software Foundation

Legfrissebb sérülékenységek
CVE-2024-53104 – Linux Kernel sérülékenysége
CVE-2025-64459 – Django SQL injection sérülékenység
CVE-2025-64458 – Django szolgáltatás megtagadás sérülékenység
CVE-2025-20354 – Cisco Unified Contact Center Express sérülékenysége
CVE-2025-20358 – Cisco Unified Contact Center Express sérülékenysége
CVE-2025-48703 – CWP Control Web Panel OS Command Injection sérülékenysége
CVE-2025-5947 – WordPress Service Finder plugin sérülékenysége
CVE-2025-11533 – WordPress Freeio plugin sérülékenysége
CVE-2025-5397 – JobMonster WordPress téma sérülékenysége
CVE-2025-11705 – WordPress Anti-Malware Security and Brute-Force Firewall plugin sérülékenysége
Tovább a sérülékenységekhez »