The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Affected Software

| CPE Name | Name | Version |
|---|---|---|
| openssl:openssl | openssl | 1.0.1g |
| filezilla-project:filezilla_server | filezilla-project filezilla server | 0.9.44 |
| siemens:application_processing_engine_firmware | siemens application processing engine firmware | 2.0 |
| siemens:cp_1543-1_firmware | siemens cp 1543-1 firmware | 1.1 |
| siemens:simatic_s7-1500_firmware | siemens simatic s7-1500 firmware | 1.5 |
| siemens:simatic_s7-1500t_firmware | siemens simatic s7-1500t firmware | 1.5 |
| siemens:elan-8.2 | siemens elan-8.2 | 8.3.3 |
| siemens:wincc_open_architecture | siemens wincc open architecture | 3.12 |
| intellian:v100_firmware | intellian v100 firmware | 1.20 |
| intellian:v100_firmware | intellian v100 firmware | 1.21 |
| intellian:v100_firmware | intellian v100 firmware | 1.24 |
| intellian:v60_firmware | intellian v60 firmware | 1.15 |
| intellian:v60_firmware | intellian v60 firmware | 1.25 |
| mitel:micollab | mitel micollab | 6.0 |
| mitel:micollab | mitel micollab | 7.0 |
| mitel:micollab | mitel micollab | 7.1 |
| mitel:micollab | mitel micollab | 7.2 |
| mitel:micollab | mitel micollab | 7.3 |
| mitel:micollab | mitel micollab | |
| mitel:mivoice | mitel mivoice | |
| opensuse:opensuse | opensuse | 12.3 |
| opensuse:opensuse | opensuse | 13.1 |
| canonical:ubuntu_linux | canonical ubuntu linux | 12.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 12.10 |
| canonical:ubuntu_linux | canonical ubuntu linux | 13.10 |
| fedoraproject:fedora | fedoraproject fedora | 19 |
| fedoraproject:fedora | fedoraproject fedora | 20 |
| redhat:gluster_storage | redhat gluster storage | 2.1 |
| redhat:storage | redhat storage | 2.1 |
| redhat:enterprise_linux_desktop | redhat enterprise linux desktop | 6.0 |
| redhat:enterprise_linux_server | redhat enterprise linux server | 6.0 |
| redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 6.5 |
| redhat:enterprise_linux_server_eus | redhat enterprise linux server eus | 6.5 |
| redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 6.5 |
| redhat:enterprise_linux_workstation | redhat enterprise linux workstation | 6.0 |
| redhat:virtualization | redhat virtualization | 6.0 |
| debian:debian_linux | debian debian linux | 6.0 |
| debian:debian_linux | debian debian linux | 7.0 |
| debian:debian_linux | debian debian linux | 8.0 |