Skip to main content
CVE-2014-0160 HIGH POC KEV PATCH THREAT Act Now

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Information Disclosure OpenSSL
NVD Exploit-DB GitHub VulDB
CVSS 3.1
7.5
EPSS
94.5%
Threat
7.3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy