CVE-2014-0160: OpenSSL Information Disclosure Vulnerability

Published Apr 7, 2014

A missing bounds check was found in the way OpenSSL handled TLS heartbeat extension packets. This flaw could be used to reveal up to 64k of memory from a connected client or server. Only 1.0.1 releases of OpenSSL are affected, including 1.0.1f (and 1.0.2 betas). The following upstream commit introduced TLS/DTLS heartbeat support and also this issue: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4817504

Affected Software

73 affected components. Fixes available.
redhat/openssl<1.0.1
1.0.1
OpenSSL OpenSSL
OpenSSL OpenSSL>=1.0.1<1.0.1g
Filezilla-project Filezilla Server<0.9.44
Siemens Application Processing Engine Firmware=2.0
Siemens Application Processing Engine
Siemens Cp 1543-1 Firmware=1.1
Siemens Cp 1543-1
Siemens Simatic S7-1500 Firmware=1.5
Siemens Simatic S7-1500
Siemens Simatic S7-1500t Firmware=1.5
Siemens Simatic S7-1500t
Siemens Elan-8.2<8.3.3
Siemens Wincc Open Architecture=3.12
Intellian V100 Firmware=1.20
Intellian V100 Firmware=1.21
Intellian V100 Firmware=1.24
Intellian V100
Intellian V60 Firmware=1.15
Intellian V60 Firmware=1.25
Intellian V60
Mitel MiCollab=6.0
Mitel MiCollab=7.0
Mitel MiCollab=7.1
Mitel MiCollab=7.2
Mitel MiCollab=7.3
Mitel MiCollab=7.3.0.104
Mitel Mivoice Lync=1.1.2.5
Mitel Mivoice Skype For Business=1.1.3.3
Mitel Mivoice Skype For Business=1.2.0.11
Mitel Mivoice Skype For Business=1.3.2.2
Mitel Mivoice Skype For Business=1.4.0.102
openSUSE openSUSE=12.3
openSUSE openSUSE=13.1
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=12.10
Canonical Ubuntu Linux=13.10
Fedoraproject Fedora=19
Fedoraproject Fedora=20
redhat Gluster Storage=2.1
redhat Storage=2.1
redhat Virtualization=6.0
redhat Enterprise Linux Desktop=6.0
redhat Enterprise Linux Server=6.0
redhat Enterprise Linux Server Aus=6.5
redhat Enterprise Linux Server Eus=6.5
redhat Enterprise Linux Server Tus=6.5
redhat Enterprise Linux Workstation=6.0
Debian Debian Linux=6.0
Debian Debian Linux=7.0
Debian Debian Linux=8.0
Ricon S9922l Firmware=16.10.3\(3794\)
Ricon S9922l=1.0
Broadcom Symantec Messaging Gateway=10.6.0
Broadcom Symantec Messaging Gateway=10.6.1
Splunk splunk>=6.0.0<6.0.3

Event History

Apr 7, 2014
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description
Data Sourced (via Red Hat, 05:56 AM): Description, Severity, Affected Software
Data Sourced (via NVD, 10:55 PM): Remedy, Description, Severity, Weakness, Affected Software

May 4, 2022
Known Exploited (via CISA, 12:00 AM)

Apr 16, 2025
News Published (via The Register, 12:00 AM)
News Published (via The Register, 12:06 AM)

Frequently Asked Questions

1. What is the severity of CVE-2014-0160?

CVE-2014-0160 is rated as critical due to its potential to leak sensitive information from the affected system.

2. How do I fix CVE-2014-0160?

To fix CVE-2014-0160, upgrade OpenSSL to version 1.0.1g or higher as all versions prior to this are vulnerable.

3. What systems are affected by CVE-2014-0160?

CVE-2014-0160 affects OpenSSL versions prior to 1.0.1g, along with various applications that utilize this vulnerable library.

4. Can CVE-2014-0160 be exploited remotely?

Yes, CVE-2014-0160 can be exploited remotely by attackers using specially crafted Heartbeat packets to extract sensitive information.

5. Is CVE-2014-0160 specific to OpenSSL only?

While CVE-2014-0160 primarily affects OpenSSL, it can also impact other applications and platforms that use vulnerable versions of the library.
