Voozh

Vulnerabilities

CVE-2014-0160 Detail

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

👁 NIST CVSS score

NIST: NVD

NVD assessment not yet provided.

Evaluator Impact

CVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization’s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://advisories.mageia.org/MGASA-2014-0165.html	CVE, Inc., Red Hat	Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/	CVE, Inc., Red Hat	Issue Tracking Third Party Advisory
http://cogentdatahub.com/ReleaseNotes.html	CVE, Inc., Red Hat	Release Notes
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01	CVE, Inc., Red Hat	Broken Link
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3	CVE, Inc., Red Hat	Broken Link
http://heartbleed.com/	CVE, Inc., Red Hat	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139757726426985&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139757819327350&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139765756720506&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139817727317190&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139833395230364&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139843768401936&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139869720529462&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905405728262&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905653828999&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140015787404650&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140724451518351&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1	CVE, Inc., Red Hat	Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3	CVE, Inc., Red Hat	Permissions Required Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.html	CVE, Inc., Red Hat	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.html	CVE, Inc., Red Hat	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.html	CVE, Inc., Red Hat	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.html	CVE, Inc., Red Hat	Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/109	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/173	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/190	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/90	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/91	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://secunia.com/advisories/57347	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/57483	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/57721	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/57836	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/57966	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/57968	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/59139	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/59243	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://secunia.com/advisories/59347	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://support.citrix.com/article/CTX140605	CVE, Inc., Red Hat	Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21670161	CVE, Inc., Red Hat	Broken Link
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://www.blackberry.com/btsc/KB35882	CVE, Inc., Red Hat	Broken Link
http://www.debian.org/security/2014/dsa-2896	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.exploit-db.com/exploits/32745	CVE, Inc., Red Hat	Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/32764	CVE, Inc., Red Hat	Exploit Third Party Advisory VDB Entry
http://www.f-secure.com/en/web/labs_global/fsc-2014-1	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	CVE, Inc., Red Hat	Release Notes
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	CVE, Inc., Red Hat	Third Party Advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	CVE, Inc., Red Hat	Release Notes
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	CVE, Inc., Red Hat	Release Notes
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf	CVE, Inc., Red Hat	Not Applicable
http://www.kb.cert.org/vuls/id/720951	CVE, Inc., Red Hat	Third Party Advisory US Government Resource
http://www.kerio.com/support/kerio-control/release-history	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	CVE, Inc., Red Hat	Broken Link Third Party Advisory
http://www.openssl.org/news/secadv_20140407.txt	CVE, Inc., Red Hat	Broken Link Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	CVE, Inc., Red Hat	Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	CVE, Inc., Red Hat	Patch Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded	CVE, Inc., Red Hat	Broken Link Not Applicable Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/66690	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030026	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030074	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030077	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030078	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030079	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030080	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030081	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030082	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.splunk.com/view/SP-CAAAMB3	CVE, Inc., Red Hat	Third Party Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00	CVE, Inc., Red Hat	Third Party Advisory
http://www.ubuntu.com/usn/USN-2165-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-098A	CVE, Inc., Red Hat	Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	CVE, Inc., Red Hat	Broken Link
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	CVE, Inc., Red Hat	Broken Link
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160	CVE, Inc., Red Hat	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1084875	CVE, Inc., Red Hat	Issue Tracking Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf	CVE, Inc., Red Hat	Third Party Advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85	CVE, Inc., Red Hat	Issue Tracking
https://filezilla-project.org/versions.php?type=server	CVE, Inc., Red Hat	Release Notes
https://gist.github.com/chapmajs/10473815	CVE, Inc., Red Hat	Exploit
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken	CVE, Inc., Red Hat	Broken Link
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat	Mailing List Patch Third Party Advisory
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html	CVE, Inc., Red Hat	Exploit Permissions Required Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html	CVE, Inc., Red Hat	Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	CVE, Inc., Red Hat	Third Party Advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html	CVE, Inc., Red Hat	Not Applicable Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160	CISA-ADP	US Government Resource
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	CVE, Inc., Red Hat	Third Party Advisory
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd	CVE, Inc., Red Hat	Broken Link Exploit Third Party Advisory

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name	Date Added	Due Date	Required Action
OpenSSL Information Disclosure Vulnerability	05/04/2022	05/25/2022	Apply updates per vendor instructions.

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-125	Out-of-bounds Read	👁 cwe source acceptance level NIST CISA-ADP

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

38 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-0160
NVD Published Date:
04/07/2014
NVD Last Modified:
06/16/2026
Source:
Red Hat, Inc.

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0160

⇱ NVD - CVE-2014-0160

CVE-2014-0160 Detail

Description

Metrics

Evaluator Impact

References to Advisories, Solutions, and Tools

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CISA-ADP 6/16/2026 8:02:24 PM

CVE Modified by Red Hat, Inc. 6/16/2026 8:02:24 PM

Modified Analysis by NIST 4/21/2026 4:07:16 PM

CVE Modified by CISA-ADP 10/21/2025 9:15:53 PM

CVE Modified by CISA-ADP 10/21/2025 4:16:09 PM

CVE Modified by CISA-ADP 10/21/2025 3:16:15 PM

Modified Analysis by NIST 4/03/2025 2:02:46 PM

CVE Modified by CISA-ADP 2/07/2025 9:15:35 AM

Modified Analysis by NIST 1/06/2025 2:36:39 PM

CVE Modified by CVE 11/20/2024 9:01:30 PM

Modified Analysis by NIST 7/02/2024 12:52:39 PM

CVE Modified by Red Hat, Inc. 5/13/2024 11:06:32 PM

CVE Modified by Red Hat, Inc. 11/06/2023 9:18:10 PM

Modified Analysis by NIST 2/10/2023 11:58:22 AM

CVE Modified by Red Hat, Inc. 11/15/2022 4:15:18 PM

CPE Deprecation Remap by NIST 10/15/2020 9:29:54 AM

Modified Analysis by NIST 7/28/2020 1:11:56 PM

CVE Modified by Red Hat, Inc. 2/13/2020 12:15:23 PM

CVE Modified by Red Hat, Inc. 2/10/2020 10:15:13 AM

CVE Modified by Red Hat, Inc. 2/03/2020 7:15:19 AM

CVE Modified by Red Hat, Inc. 1/25/2020 2:15:11 PM

Modified Analysis by NIST 9/27/2019 2:22:02 PM

CVE Modified by Red Hat, Inc. 3/25/2019 7:34:05 AM

CVE Modified by Red Hat, Inc. 3/21/2019 11:54:49 AM

CVE Modified by Red Hat, Inc. 10/23/2018 5:29:00 PM

CVE Modified by Red Hat, Inc. 10/09/2018 3:36:18 PM

CVE Modified by Red Hat, Inc. 12/15/2017 9:29:03 PM

CVE Modified by Red Hat, Inc. 11/14/2017 9:29:02 PM

CVE Modified by Red Hat, Inc. 1/06/2017 9:59:17 PM

CVE Modified by Red Hat, Inc. 11/30/2016 9:59:07 PM

CVE Modified by Red Hat, Inc. 8/22/2016 10:06:46 PM

CVE Translated by NIST 2/17/2016 4:45:08 PM

CVE Modified by Red Hat, Inc. 3/31/2015 9:59:12 PM

CVE Modified by Red Hat, Inc. 3/30/2015 9:59:09 PM

CVE Modified by Red Hat, Inc. 3/23/2015 9:59:57 PM

CVE Modified by Red Hat, Inc. 12/11/2014 10:00:34 PM

CVE Modified by Red Hat, Inc. 11/18/2014 9:59:22 PM

Initial CVE Analysis 4/24/2014 7:52:20 AM

Quick Info