Your submission was sent successfully! Close

CVE-2014-0160

Published: 7 April 2014

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Priority

High

CVSS 3 base score: 7.5

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise
Released (1.0.1-4ubuntu5.12)
quantal
Released (1.0.1c-3ubuntu2.7)
saucy
Released (1.0.1e-3ubuntu1.2)
upstream
Released (1.0.1g)
openssl098
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable

quantal Not vulnerable

saucy Not vulnerable

upstream Not vulnerable