CVE-2014-0160 (retired)

Priority
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do
not properly handle Heartbeat Extension packets, which allows remote
attackers to obtain sensitive information from process memory via crafted
packets that trigger a buffer over-read, as demonstrated by reading private
keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Assigned-to
mdeslaur
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Updated: 2019-03-26 12:12:03 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)