CVE-2014-0160

UNKNOWN

Published 2014-04-07T00:00:00.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2014-0160. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.5

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.945

probability

of exploitation in the wild

There is a 94.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 1.000

Higher than 100.0% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Available Exploits

OpenSSL Heartbleed Vulnerability

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

ID: CVE-2014-0160

Author: pussycat0x High

References:

https://github.com/vulhub/vulhub/tree/master/openssl/CVE-2014-0160

Related News

No news articles found for this CVE.

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

May 25, 2022

Added to KEV

May 4, 2022

Required Action

Apply updates per vendor instructions.

Affected Product

Vendor/Project: OpenSSL

Product: OpenSSL

Ransomware Risk

Known Ransomware Use

KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-w8r8-w5w4-4w4v

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0160

WEB https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

WEB https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

WEB https://www.cert.fi/en/reports/2014/vulnerability788210.html

WEB https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

WEB https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

WEB https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

WEB https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

WEB https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E

WEB https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

WEB https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

WEB https://gist.github.com/chapmajs/10473815

WEB https://filezilla-project.org/versions.php?type=server

WEB https://code.google.com/p/mod-spdy/issues/detail?id=85

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

WEB https://bugzilla.redhat.com/show_bug.cgi?id=1084875

WEB https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

WEB http://advisories.mageia.org/MGASA-2014-0165.html

WEB http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog

WEB http://cogentdatahub.com/ReleaseNotes.html

WEB http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

WEB http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

WEB http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

WEB http://heartbleed.com

WEB http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

WEB http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

WEB http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

WEB http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

WEB http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

WEB http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

WEB http://marc.info/?l=bugtraq&m=139722163017074&w=2

WEB http://marc.info/?l=bugtraq&m=139757726426985&w=2

WEB http://marc.info/?l=bugtraq&m=139757819327350&w=2

WEB http://marc.info/?l=bugtraq&m=139757919027752&w=2

WEB http://marc.info/?l=bugtraq&m=139758572430452&w=2

WEB http://marc.info/?l=bugtraq&m=139765756720506&w=2

WEB http://marc.info/?l=bugtraq&m=139774054614965&w=2

WEB http://marc.info/?l=bugtraq&m=139774703817488&w=2

WEB http://marc.info/?l=bugtraq&m=139808058921905&w=2

WEB http://marc.info/?l=bugtraq&m=139817685517037&w=2

WEB http://marc.info/?l=bugtraq&m=139817727317190&w=2

WEB http://marc.info/?l=bugtraq&m=139817782017443&w=2

WEB http://marc.info/?l=bugtraq&m=139824923705461&w=2

WEB http://marc.info/?l=bugtraq&m=139824993005633&w=2

WEB http://marc.info/?l=bugtraq&m=139833395230364&w=2

WEB http://marc.info/?l=bugtraq&m=139835815211508&w=2

WEB http://marc.info/?l=bugtraq&m=139835844111589&w=2

WEB http://marc.info/?l=bugtraq&m=139836085512508&w=2

WEB http://marc.info/?l=bugtraq&m=139842151128341&w=2

WEB http://marc.info/?l=bugtraq&m=139843768401936&w=2

WEB http://marc.info/?l=bugtraq&m=139869720529462&w=2

WEB http://marc.info/?l=bugtraq&m=139869891830365&w=2

WEB http://marc.info/?l=bugtraq&m=139889113431619&w=2

WEB http://marc.info/?l=bugtraq&m=139889295732144&w=2

WEB http://marc.info/?l=bugtraq&m=139905202427693&w=2

WEB http://marc.info/?l=bugtraq&m=139905243827825&w=2

WEB http://marc.info/?l=bugtraq&m=139905295427946&w=2

WEB http://marc.info/?l=bugtraq&m=139905351928096&w=2

WEB http://marc.info/?l=bugtraq&m=139905405728262&w=2

WEB http://marc.info/?l=bugtraq&m=139905458328378&w=2

WEB http://marc.info/?l=bugtraq&m=139905653828999&w=2

WEB http://marc.info/?l=bugtraq&m=139905868529690&w=2

WEB http://marc.info/?l=bugtraq&m=140015787404650&w=2

WEB http://marc.info/?l=bugtraq&m=140075368411126&w=2

WEB http://marc.info/?l=bugtraq&m=140724451518351&w=2

WEB http://marc.info/?l=bugtraq&m=140752315422991&w=2

WEB http://marc.info/?l=bugtraq&m=141287864628122&w=2

WEB http://marc.info/?l=bugtraq&m=142660345230545&w=2

WEB http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

WEB http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

WEB http://rhn.redhat.com/errata/RHSA-2014-0376.html

WEB http://rhn.redhat.com/errata/RHSA-2014-0377.html

WEB http://rhn.redhat.com/errata/RHSA-2014-0378.html

WEB http://rhn.redhat.com/errata/RHSA-2014-0396.html

WEB http://seclists.org/fulldisclosure/2014/Apr/109

WEB http://seclists.org/fulldisclosure/2014/Apr/173

WEB http://seclists.org/fulldisclosure/2014/Apr/190

WEB http://seclists.org/fulldisclosure/2014/Apr/90

WEB http://seclists.org/fulldisclosure/2014/Apr/91

WEB http://seclists.org/fulldisclosure/2014/Dec/23

WEB http://secunia.com/advisories/57347

WEB http://secunia.com/advisories/57483

WEB http://secunia.com/advisories/57721

WEB http://secunia.com/advisories/57836

WEB http://secunia.com/advisories/57966

WEB http://secunia.com/advisories/57968

WEB http://secunia.com/advisories/59139

WEB http://secunia.com/advisories/59243

WEB http://secunia.com/advisories/59347

WEB http://support.citrix.com/article/CTX140605

WEB http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

WEB http://www-01.ibm.com/support/docview.wss?uid=isg400001841

WEB http://www-01.ibm.com/support/docview.wss?uid=isg400001843

WEB http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

WEB http://www-01.ibm.com/support/docview.wss?uid=swg21670161

WEB http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

WEB http://www.blackberry.com/btsc/KB35882

WEB http://www.debian.org/security/2014/dsa-2896

WEB http://www.exploit-db.com/exploits/32745

WEB http://www.exploit-db.com/exploits/32764

WEB http://www.f-secure.com/en/web/labs_global/fsc-2014-1

WEB http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release

WEB http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases

WEB http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release

WEB http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

WEB http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

WEB http://www.kb.cert.org/vuls/id/720951

WEB http://www.kerio.com/support/kerio-control/release-history

WEB http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

WEB http://www.openssl.org/news/secadv_20140407.txt

WEB http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

WEB http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

WEB http://www.securityfocus.com/archive/1/534161/100/0/threaded

WEB http://www.securityfocus.com/bid/66690

WEB http://www.securitytracker.com/id/1030026

WEB http://www.securitytracker.com/id/1030074

WEB http://www.securitytracker.com/id/1030077

WEB http://www.securitytracker.com/id/1030078

WEB http://www.securitytracker.com/id/1030079

WEB http://www.securitytracker.com/id/1030080

WEB http://www.securitytracker.com/id/1030081

WEB http://www.securitytracker.com/id/1030082

WEB http://www.splunk.com/view/SP-CAAAMB3

WEB http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

WEB http://www.ubuntu.com/usn/USN-2165-1

WEB http://www.us-cert.gov/ncas/alerts/TA14-098A

WEB http://www.vmware.com/security/advisories/VMSA-2014-0012.html

WEB http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: July 2, 2024

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

4 posts

Reddit • 3 weeks, 5 days ago

profess-x

PoC

Hackerin update Se você quer **aprender na prática como funcionaram algumas das vulnerabilidades mais famosas da história**, acabamos de lançar novos conteúdos na nossa plataforma (100% em português 🇧🇷). 👉 Módulos recém-lançados: * Heartbleed (**CVE-2014-0160**) * EternalBlue (**CVE-2017-0144**) * Dirty COW (**CVE-2016-5195**) * Drupalgeddon2 (**CVE-2018-7600**) * WordPress RevSlider (**CVE-2014-9735**) * …

Also mentions: CVE-2022-0847 CVE-2019-0708 CVE-2018-7600 CVE-2017-0144 CVE-2017-5638 CVE-2016-5195 CVE-2014-6271 CVE-2014-9735 CVE-2008-4250

0.0

View Original High Risk

Reddit • 3 weeks, 5 days ago

profess-x

PoC

Also mentions: CVE-2022-0847 CVE-2019-0708 CVE-2018-7600 CVE-2017-0144 CVE-2017-5638 CVE-2016-5195 CVE-2014-6271 CVE-2014-9735 CVE-2008-4250

0.0

View Original High Risk

Reddit • 3 weeks, 5 days ago

profess-x

PoC

Also mentions: CVE-2022-0847 CVE-2019-0708 CVE-2018-7600 CVE-2017-0144 CVE-2017-5638 CVE-2016-5195 CVE-2014-6271 CVE-2014-9735 CVE-2008-4250

6.0

View Original High Risk

Reddit • 1 month ago

NouveauMonde

Payload

I love Debian's stability and security, but wondering, how do you decide to use an older debian package or use flatpack/backport for newer version. eg for neovim I just installed Debian 13 arm on vmware on a macbook, as I'm planning my Apple exit; So, neovim is at v0.10.4 on …

Also mentions: CVE-2024-3094

23.0

View Original