CVE-2014-0160

CVE Database · CVE-2014-0160

CVE-2014-0160

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

100.00%

Published

Apr 7, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-05-04 · Due: 2022-05-25

Apply updates per vendor instructions.

Public PoC / Exploit (13)

All weaponized →

Exploit-DBOpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions)Exploit-DBOpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1)Exploit-DBOpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)Exploit-DBOpenSSL TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure TrickestTrickest PoC index GitHub PoCFiloSottile/Heartbleed★2390 GitHub PoCmusalbas/heartbleed-masstest★574 GitHub PoCtitanous/heartbleeder★452 GitHub PoCLekensteyn/pacemaker★329 GitHub PoCsensepost/heartbleed-poc★170 GitHub PoCeinaros/heartbleed-tools★98 GitHub PoCmpgn/heartbleed-PoC★85 GitHub PoCisgroup/openmagic★39

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-125CWE-125

Affected Products (54)

openssl · openssl (up to 1.0.1g)vulnerable

filezilla-project · filezilla_server (up to 0.9.44)vulnerable

siemens · application_processing_engine_firmwarevulnerable

siemens · application_processing_engine

siemens · cp_1543-1_firmwarevulnerable

siemens · cp_1543-1

siemens · simatic_s7-1500_firmwarevulnerable