The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
Buffer Overflow
Information Disclosure
OpenSSL
NVD
Exploit-DB
GitHub
VulDB
CVSS 3.1
7.5
EPSS
94.5%
Threat
7.3