CVE-2014-0160 - Vulnerability Details

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is in the KEV database since May 4, 2022.

The EPSS score is 0.94464.

Exploitation active

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*

cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*

Configuration 7 [-]

OR	cpe:2.3:a:siemens:elan-8.2::::::::
	cpe:2.3:a:siemens:wincc_open_architecture:3.12:::::::*

Configuration 8 [-]

AND

OR	cpe:2.3:o:intellian:v100_firmware:1.20:::::::*
	cpe:2.3:o:intellian:v100_firmware:1.21:::::::*
	cpe:2.3:o:intellian:v100_firmware:1.24:::::::*

cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:intellian:v60_firmware:1.15:::::::*
	cpe:2.3:o:intellian:v60_firmware:1.25:::::::*

cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:a:mitel:micollab:6.0:::::::*
	cpe:2.3:a:mitel:micollab:7.0:::::::*
	cpe:2.3:a:mitel:micollab:7.1:::::::*
	cpe:2.3:a:mitel:micollab:7.2:::::::*
	cpe:2.3:a:mitel:micollab:7.3:::::::*
	cpe:2.3:a:mitel:micollab:7.3.0.104:::::::*
	cpe:2.3:a:mitel:mivoice:1.1.2.5:::::lync::
	cpe:2.3:a:mitel:mivoice:1.1.3.3:::::skype_for_business::
	cpe:2.3:a:mitel:mivoice:1.2.0.11:::::skype_for_business::
	cpe:2.3:a:mitel:mivoice:1.3.2.2:::::skype_for_business::
	cpe:2.3:a:mitel:mivoice:1.4.0.102:::::skype_for_business::

Configuration 11 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 12 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*

Configuration 13 [-]

OR	cpe:2.3:o:fedoraproject:fedora:19:::::::*
	cpe:2.3:o:fedoraproject:fedora:20:::::::*

Configuration 14 [-]

OR	cpe:2.3:a:redhat:gluster_storage:2.1:::::::*
	cpe:2.3:a:redhat:storage:2.1:::::::*
	cpe:2.3:a:redhat:virtualization:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 15 [-]

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 16 [-]

AND

cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*

cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*

Configuration 17 [-]

OR	cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:::::::*
	cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:::::::*

Configuration 18 [-]

cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
openssl-0:1.0.1e-16.el6_5.7	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:0376	2014-04-08T00:00:00Z
Red Hat Storage 2.1
openssl-0:1.0.1e-16.el6_5.7	cpe:/a:redhat:storage:2.1:server:el6	RHSA-2014:0377	2014-04-08T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
rhev-hypervisor6-0:6.5-20140407.0.el6ev	cpe:/o:redhat:enterprise_linux:6::hypervisor	RHSA-2014:0378	2014-04-08T00:00:00Z
rhev-hypervisor6-0:6.5-20140118.1.3.2.el6_5	cpe:/o:redhat:enterprise_linux:6::hypervisor	RHSA-2014:0396	2014-04-10T00:00:00Z
RHEV Manager version 3.3
spice-client-msi-0:3.3-12	cpe:/a:redhat:rhev_manager:3	RHSA-2014:0416	2014-04-17T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Broadcom Subscribe	Symantec Messaging Gateway Subscribe
Canonical Subscribe	Ubuntu Linux Subscribe
Debian Subscribe	Debian Linux Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Filezilla-project Subscribe	Filezilla Server Subscribe
Intellian Subscribe	V100 Subscribe V100 Firmware Subscribe V60 Subscribe V60 Firmware Subscribe
Mitel Subscribe	Micollab Subscribe Mivoice Subscribe
Openssl Subscribe	Openssl Subscribe
Opensuse Subscribe	Opensuse Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Enterprise Linux Desktop Subscribe Enterprise Linux Server Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server Eus Subscribe Enterprise Linux Server Tus Subscribe Enterprise Linux Workstation Subscribe Gluster Storage Subscribe Rhev Manager Subscribe Storage Subscribe Virtualization Subscribe
Ricon Subscribe	S9922l Subscribe S9922l Firmware Subscribe
Siemens Subscribe	Application Processing Engine Subscribe Application Processing Engine Firmware Subscribe Cp 1543-1 Subscribe Cp 1543-1 Firmware Subscribe Elan-8.2 Subscribe Simatic S7-1500 Subscribe Simatic S7-1500 Firmware Subscribe Simatic S7-1500t Subscribe Simatic S7-1500t Firmware Subscribe Wincc Open Architecture Subscribe
Splunk Subscribe	Splunk Subscribe

Advisories

Source	ID	Title
Debian DSA	DSA-2896-1	openssl security update
Debian DSA	DSA-2896-2	openssl security update
Ubuntu USN	USN-2165-1	OpenSSL vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://advisories.mageia.org/MGASA-2014-0165.html
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://cogentdatahub.com/ReleaseNotes.html
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
http://heartbleed.com/
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
http://marc.info/?l=bugtraq&m=139722163017074&w=2
http://marc.info/?l=bugtraq&m=139757726426985&w=2
http://marc.info/?l=bugtraq&m=139757819327350&w=2
http://marc.info/?l=bugtraq&m=139757919027752&w=2
http://marc.info/?l=bugtraq&m=139758572430452&w=2
http://marc.info/?l=bugtraq&m=139765756720506&w=2
http://marc.info/?l=bugtraq&m=139774054614965&w=2
http://marc.info/?l=bugtraq&m=139774703817488&w=2
http://marc.info/?l=bugtraq&m=139808058921905&w=2
http://marc.info/?l=bugtraq&m=139817685517037&w=2
http://marc.info/?l=bugtraq&m=139817727317190&w=2
http://marc.info/?l=bugtraq&m=139817782017443&w=2
http://marc.info/?l=bugtraq&m=139824923705461&w=2
http://marc.info/?l=bugtraq&m=139824993005633&w=2
http://marc.info/?l=bugtraq&m=139833395230364&w=2
http://marc.info/?l=bugtraq&m=139835815211508&w=2
http://marc.info/?l=bugtraq&m=139835844111589&w=2
http://marc.info/?l=bugtraq&m=139836085512508&w=2
http://marc.info/?l=bugtraq&m=139842151128341&w=2
http://marc.info/?l=bugtraq&m=139843768401936&w=2
http://marc.info/?l=bugtraq&m=139869720529462&w=2
http://marc.info/?l=bugtraq&m=139869891830365&w=2
http://marc.info/?l=bugtraq&m=139889113431619&w=2
http://marc.info/?l=bugtraq&m=139889295732144&w=2
http://marc.info/?l=bugtraq&m=139905202427693&w=2
http://marc.info/?l=bugtraq&m=139905243827825&w=2
http://marc.info/?l=bugtraq&m=139905295427946&w=2
http://marc.info/?l=bugtraq&m=139905351928096&w=2
http://marc.info/?l=bugtraq&m=139905405728262&w=2
http://marc.info/?l=bugtraq&m=139905458328378&w=2
http://marc.info/?l=bugtraq&m=139905653828999&w=2
http://marc.info/?l=bugtraq&m=139905868529690&w=2
http://marc.info/?l=bugtraq&m=140015787404650&w=2
http://marc.info/?l=bugtraq&m=140075368411126&w=2
http://marc.info/?l=bugtraq&m=140724451518351&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://marc.info/?l=bugtraq&m=141287864628122&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://rhn.redhat.com/errata/RHSA-2014-0376.html
http://rhn.redhat.com/errata/RHSA-2014-0377.html
http://rhn.redhat.com/errata/RHSA-2014-0378.html
http://rhn.redhat.com/errata/RHSA-2014-0396.html
http://seclists.org/fulldisclosure/2014/Apr/109
http://seclists.org/fulldisclosure/2014/Apr/173
http://seclists.org/fulldisclosure/2014/Apr/190
http://seclists.org/fulldisclosure/2014/Apr/90
http://seclists.org/fulldisclosure/2014/Apr/91
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/57347
http://secunia.com/advisories/57483
http://secunia.com/advisories/57721
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/59139
http://secunia.com/advisories/59243
http://secunia.com/advisories/59347
http://support.citrix.com/article/CTX140605
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.blackberry.com/btsc/KB35882
http://www.debian.org/security/2014/dsa-2896
http://www.exploit-db.com/exploits/32745
http://www.exploit-db.com/exploits/32764
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://www.kb.cert.org/vuls/id/720951
http://www.kerio.com/support/kerio-control/release-history
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.openssl.org/news/secadv_20140407.txt
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/66690
http://www.securitytracker.com/id/1030026
http://www.securitytracker.com/id/1030074
http://www.securitytracker.com/id/1030077
http://www.securitytracker.com/id/1030078
http://www.securitytracker.com/id/1030079
http://www.securitytracker.com/id/1030080
http://www.securitytracker.com/id/1030081
http://www.securitytracker.com/id/1030082
http://www.splunk.com/view/SP-CAAAMB3
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
http://www.ubuntu.com/usn/USN-2165-1
http://www.us-cert.gov/ncas/alerts/TA14-098A
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
https://code.google.com/p/mod-spdy/issues/detail?id=85
https://filezilla-project.org/versions.php?type=server
https://gist.github.com/chapmajs/10473815
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
https://nvd.nist.gov/vuln/detail/CVE-2014-0160
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160
https://www.cve.org/CVERecord?id=CVE-2014-0160
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

History

Wed, 22 Oct 2025 01:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160

Fri, 07 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-05-04'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-07T00:00:00.000Z

Updated: 2025-10-22T00:05:38.217Z

Reserved: 2013-12-03T00:00:00.000Z

Link: CVE-2014-0160

Vulnrichment

Updated: 2024-08-06T09:05:39.056Z

NVD

Status : Deferred

Published: 2014-04-07T22:55:03.893

Modified: 2025-10-22T01:15:53.233

Link: CVE-2014-0160

Redhat

Severity : Important

Publid Date: 2014-04-07T00:00:00Z

Links: CVE-2014-0160 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation active

Automatable yes

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object