Vulnerability in OpenSSL (CVE-2014-0160)

2014-04-07T00:00:00
ID OPENSSL:CVE-2014-0160
Type openssl
Reporter OpenSSL
Modified 2014-04-07T00:00:00

Description

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server (a.k.a. Heartbleed). This issue did not affect versions of OpenSSL prior to 1.0.1. Reported by Neel Mehta.