Launchpad.net

CVE 2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Related bugs and status

CVE-2014-0160 (Candidate) is related to these bugs:

Bug #1304042: CVE-2014-0160

Summary				In	Importance	Status
	1304042	CVE-2014-0160		openssl (Ubuntu)	Undecided	Fix Released
	1304042	CVE-2014-0160		openssl (Debian)	Unknown	Fix Released

Bug #1304457: OpenSSL packages are vulnerable to CVE-2014-0160

Summary				In	Importance	Status
	1304457	OpenSSL packages are vulnerable to CVE-2014-0160		Raspbian	Undecided	Fix Released

Bug #1304506: openssl vulnerable to remote memory reads (aka heartbleeed bug) - grave error

Summary				In	Importance	Status
	1304506	openssl vulnerable to remote memory reads (aka heartbleeed bug) - grave error		Raspbian	Undecided	Fix Released

Bug #1304651: Heartbleed Bug

Summary				In	Importance	Status
	1304651	Heartbleed Bug		openssl (Ubuntu)	Undecided	Fix Released

Bug #1307532: OpenSSL is not up-to-date in Ubuntu 13.10

Summary				In	Importance	Status
	1307532	OpenSSL is not up-to-date in Ubuntu 13.10		openssl (Ubuntu)	Undecided	Invalid

Bug #1440494: Raspbian openssl (1.01e) is vulnerable to CVE-2014-0160

Summary				In	Importance	Status
	1440494	Raspbian openssl (1.01e) is vulnerable to CVE-2014-0160		Raspbian	Undecided	Invalid

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-0160

Related bugs and status

Related bugs

References