CVE-2014-0160
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 94.464
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-0160,CVE-2014-0076 are fixed in OpenSSL (x64) 1.0.1g | Windows |
| Vulnerabilities CVE-2014-0160 are affected in FileZilla Client For Mac 0.9.43 | Mac |
| openssl security update(DSA-3566-1) openssl_1.0.2h-1~bpo8+1_i386.deb | Linux |
| OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products For Cisco AnyConnect Secure Mobility Client | NCM |
| Out-of-bounds Read Vulnerability (CVE-2014-0160) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-611635 | FileZilla Client For Mac (Apple Silicon) (3.69.3) |