CVE-2014-0160

OpenSSL Information Disclosure sebezhetősége
Angol cím: OpenSSL Information Disclosure Vulnerability

Publikálás dátuma: 2025.04.16.
Utolsó módosítás dátuma: 2025.04.16.

Leírás

A program a puffer határa előtt vagy után olvas adatokat a memóriából.

Elemzés leírás

Eredeti nyelven: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Hatás

Következmények

Hivatkozások

mageia.org
fox-it.com
cogentdatahub.com
heartbleed.com
opensuse.org
marc.info

Sérülékeny szoftverek

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* From (including) 1.0.1 Up to (excluding) 1.0.1g
cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:* Up to (excluding) 0.9.44
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:* Up to (excluding) 8.3.3
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* From (including) 6.0.0 Up to (excluding) 6.0.3

Címkék

OpenSSL OpenSSL Software Foundation