Heartbleed (CVE-2014-0160)
E792089
Heartbleed (CVE-2014-0160) is a critical security bug in the OpenSSL cryptographic library that allowed attackers to read sensitive data from the memory of affected servers, compromising encryption keys, passwords, and other private information.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Heartbleed (CVE-2014-0160) canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T9312266 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Heartbleed (CVE-2014-0160) Context triple: [OpenSSL, notableVulnerability, Heartbleed (CVE-2014-0160)]
-
A.
Meltdown
"Meltdown" is a pop song by Irish singer-songwriter Niall Horan, released as one of the key singles from his solo music career.
-
B.
POODLE attack
The POODLE attack is a cryptographic vulnerability that exploits weaknesses in SSL 3.0’s CBC mode to decrypt secure HTTPS communications.
-
C.
CVE (Common Vulnerabilities and Exposures) entries
CVE (Common Vulnerabilities and Exposures) entries are standardized identifiers for publicly known cybersecurity vulnerabilities, used worldwide to consistently reference and track security issues across software and systems.
-
D.
The DAO hack
The DAO hack was a 2016 exploit of a major Ethereum-based investment fund smart contract that led to the theft of millions of ether and ultimately prompted a controversial hard fork of the Ethereum blockchain.
-
E.
ILOVEYOU worm
The ILOVEYOU worm was a notorious early-2000s email-borne computer worm that rapidly spread worldwide, causing massive damage by overwriting files and exploiting users’ trust with a deceptive love-letter subject line.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Heartbleed (CVE-2014-0160) Target entity description: Heartbleed (CVE-2014-0160) is a critical security bug in the OpenSSL cryptographic library that allowed attackers to read sensitive data from the memory of affected servers, compromising encryption keys, passwords, and other private information.
-
A.
Meltdown
"Meltdown" is a pop song by Irish singer-songwriter Niall Horan, released as one of the key singles from his solo music career.
-
B.
POODLE attack
The POODLE attack is a cryptographic vulnerability that exploits weaknesses in SSL 3.0’s CBC mode to decrypt secure HTTPS communications.
-
C.
CVE (Common Vulnerabilities and Exposures) entries
CVE (Common Vulnerabilities and Exposures) entries are standardized identifiers for publicly known cybersecurity vulnerabilities, used worldwide to consistently reference and track security issues across software and systems.
-
D.
The DAO hack
The DAO hack was a 2016 exploit of a major Ethereum-based investment fund smart contract that led to the theft of millions of ether and ultimately prompted a controversial hard fork of the Ethereum blockchain.
-
E.
ILOVEYOU worm
The ILOVEYOU worm was a notorious early-2000s email-borne computer worm that rapidly spread worldwide, causing massive damage by overwriting files and exploiting users’ trust with a deceptive love-letter subject line.
- F. None of above. chosen
Statements (53)
| Predicate | Object |
|---|---|
| instanceOf |
OpenSSL vulnerability
ⓘ
information disclosure vulnerability ⓘ security bug ⓘ software vulnerability ⓘ |
| affectedRange |
OpenSSL 1.0.1 through 1.0.1f
NERFINISHED
ⓘ
OpenSSL 1.0.2-beta1 NERFINISHED ⓘ |
| affectsComponent | OpenSSL TLS/DTLS implementation NERFINISHED ⓘ |
| affectsProtocol |
DTLS
NERFINISHED
ⓘ
TLS NERFINISHED ⓘ |
| affectsSoftware | OpenSSL NERFINISHED ⓘ |
| allows |
disclosure of other sensitive data
ⓘ
disclosure of passwords ⓘ disclosure of private keys ⓘ disclosure of session cookies ⓘ reading process memory of affected client ⓘ reading process memory of affected server ⓘ |
| attackComplexity | low ⓘ |
| attackPrerequisite | use of vulnerable OpenSSL version ⓘ |
| attackVector | crafted TLS heartbeat request ⓘ |
| CVEID | CVE-2014-0160 ⓘ |
| CVSSv2BaseScore | 5.0 ⓘ |
| CVSSv2ExploitabilitySubscore | 10.0 ⓘ |
| CVSSv2ImpactSubscore | 2.9 ⓘ |
| CWEID | CWE-125 NERFINISHED ⓘ |
| CWEName | Out-of-bounds Read ⓘ |
| dateDisclosed | 2014-04-07 ⓘ |
| datePubliclyReported | 2014-04-07 ⓘ |
| discoveredBy |
Codenomicon security team
ⓘ
Neel Mehta NERFINISHED ⓘ |
| discoveredByOrganization |
Codenomicon
NERFINISHED
ⓘ
Google Security Team NERFINISHED ⓘ |
| exploitation | remote ⓘ |
| fixedBy | disabling TLS heartbeat extension ⓘ |
| fixedInVersion | OpenSSL 1.0.1g NERFINISHED ⓘ |
| hasLogo | bleeding heart logo ⓘ |
| hasNameOrigin | named by Codenomicon ⓘ |
| impacts |
VPN servers
ⓘ
confidentiality ⓘ email servers ⓘ embedded devices using OpenSSL ⓘ encryption keys ⓘ user credentials ⓘ web servers ⓘ |
| introducedInVersion |
OpenSSL 1.0.1
NERFINISHED
ⓘ
OpenSSL 1.0.1-beta1 NERFINISHED ⓘ OpenSSL 1.0.2-beta1 NERFINISHED ⓘ |
| notableConsequence |
necessitated mass revocation and reissue of TLS certificates
ⓘ
prompted large-scale password resets on many websites ⓘ |
| requiresAuthentication | false ⓘ |
| standardIdentifier | CVE-2014-0160 NERFINISHED ⓘ |
| vulnerabilityType |
bounds-checking error
ⓘ
buffer over-read ⓘ input validation error ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Heartbleed (CVE-2014-0160) Description of subject: Heartbleed (CVE-2014-0160) is a critical security bug in the OpenSSL cryptographic library that allowed attackers to read sensitive data from the memory of affected servers, compromising encryption keys, passwords, and other private information.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.