CVE-2014-0160


április 16. 10:40

OpenSSL Information Disclosure sebezhetősége
Angol cím: OpenSSL Information Disclosure Vulnerability

Publikálás dátuma: 2025.04.16.
Utolsó módosítás dátuma: 2025.04.16.

Leírás

A program a puffer határa előtt vagy után olvas adatokat a memóriából.

Leírás forrása: CWE-125 Leírás utolsó módosítása: 2024.11.19.

Elemzés leírás

Eredeti nyelven: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Elemzés leírás forrása: CVE-2014-0160 Elemzés leírás utolsó módosítása: 2025.04.12.

Hatás

CVSS3.1 Súlyosság és Metrika

Base score: 7.5 (Magas)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality Impact (C): High
Integrity Impact (I): None
Availability Impact (A): None

Hivatkozások

mageia.org
fox-it.com
cogentdatahub.com
heartbleed.com
opensuse.org
marc.info

Sérülékeny szoftverek

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* From (including) 1.0.1 Up to (excluding) 1.0.1g
cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:* Up to (excluding) 0.9.44
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:* Up to (excluding) 8.3.3
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*
cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* From (including) 6.0.0 Up to (excluding) 6.0.3

Címkék

OpenSSL OpenSSL Software Foundation

Legfrissebb sérülékenységek
CVE-2025-64471 – Fortinet FortiWeb sérülékenysége
CVE-2025-59808 – Fortinet FortiSOAR sérülékenysége
CVE-2025-59719 – Fortinet FortiWeb sérülékenysége
CVE-2025-59718 – Fortinet sérülékenysége
CVE-2025-10573 – Ivanti EPM XSS sérülékenysége
CVE-2025-54100 – PowerShell Remote Code Execution sérülékenység
CVE-2025-64671 – GitHub Copilot for Jetbrains Remote Code Execution sérülékenység
CVE-2025-62221 – Microsoft Windows Use After Free sérülékenység
CVE-2025-55754 – Apache Tomcat sérülékenysége
CVE-2025-42880 – SAP Solution Manager Code Injection sérülékenység
Tovább a sérülékenységekhez »