Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0160
HistoryApr 07, 2014 - 12:00 a.m.

CVE-2014-0160

2014-04-0700:00:00
ubuntu.com
ubuntu.com
31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do
not properly handle Heartbeat Extension packets, which allows remote
attackers to obtain sensitive information from process memory via crafted
packets that trigger a buffer over-read, as demonstrated by reading private
keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchopenssl< 1.0.1-4ubuntu5.12UNKNOWN
ubuntu12.10noarchopenssl< 1.0.1c-3ubuntu2.7UNKNOWN
ubuntu13.10noarchopenssl< 1.0.1e-3ubuntu1.2UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%