The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
07/04/2014
by Openssl
3 months ago
by Redhat
4 months ago
by Redhat
7 months ago
by Mitel
a year ago
by Filezilla-Project
2 years ago
by Siemens
2 years ago
by Redhat
2 years ago
by Siemens
10 years ago
by Mitel
10 years ago
by Fedoraproject
a month ago
by Debian
2 months ago
by Redhat
3 months ago
by Redhat
3 months ago
by Redhat
3 months ago
by Redhat
3 months ago
by Redhat
3 months ago
by Canonical
4 months ago
by Redhat
2 years ago
by Siemens
3 years ago