OpenSSL Information Disclosure Vulnerability

Added May 4, 2022 • Due May 25, 2022 • CVE-2014-0160

Overdue OpenSSL / OpenSSL CWE-125

Description

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

Required Action

Apply updates per vendor instructions.

References

https://nvd.nist.gov/vuln/detail/CVE-2014-0160

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 3 weeks ago