The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
07/04/2014
by Openssl
a month ago
by Redhat
a month ago
by Redhat
2 months ago
by Mitel
8 months ago
by Filezilla-Project
a year ago
by Siemens
a year ago
by Redhat
2 years ago
by Siemens
10 years ago
by Mitel
10 years ago
by Fedoraproject
16 days ago
by Debian
18 days ago
by Redhat
a month ago
by Redhat
a month ago
by Redhat
a month ago
by Redhat
a month ago
by Canonical
a month ago
by Redhat
a month ago
by Redhat
a year ago
by Siemens
2 years ago