Heartbleed (CVE-2014-0160)

E792089

OpenSSL vulnerability information disclosure vulnerability security bug software vulnerability

Heartbleed (CVE-2014-0160) is a critical security bug in the OpenSSL cryptographic library that allowed attackers to read sensitive data from the memory of affected servers, compromising encryption keys, passwords, and other private information.

Try in SPARQL Jump to: Surface forms Statements Referenced by

Observed surface forms (1)

Surface form	Occurrences
Heartbleed	0

Statements (53)

Predicate	Object
instanceOf	OpenSSL vulnerability ⓘ information disclosure vulnerability ⓘ security bug ⓘ software vulnerability ⓘ
affectedRange	OpenSSL 1.0.1 through 1.0.1f NERFINISHED ⓘ OpenSSL 1.0.2-beta1 NERFINISHED ⓘ
affectsComponent	OpenSSL TLS/DTLS implementation NERFINISHED ⓘ
affectsProtocol	DTLS NERFINISHED ⓘ TLS NERFINISHED ⓘ
affectsSoftware	OpenSSL NERFINISHED ⓘ
allows	disclosure of other sensitive data ⓘ disclosure of passwords ⓘ disclosure of private keys ⓘ disclosure of session cookies ⓘ reading process memory of affected client ⓘ reading process memory of affected server ⓘ
attackComplexity	low ⓘ
attackPrerequisite	use of vulnerable OpenSSL version ⓘ
attackVector	crafted TLS heartbeat request ⓘ
CVEID	CVE-2014-0160 ⓘ
CVSSv2BaseScore	5.0 ⓘ
CVSSv2ExploitabilitySubscore	10.0 ⓘ
CVSSv2ImpactSubscore	2.9 ⓘ
CWEID	CWE-125 NERFINISHED ⓘ
CWEName	Out-of-bounds Read ⓘ
dateDisclosed	2014-04-07 ⓘ
datePubliclyReported	2014-04-07 ⓘ
discoveredBy	Codenomicon security team ⓘ Neel Mehta NERFINISHED ⓘ
discoveredByOrganization	Codenomicon NERFINISHED ⓘ Google Security Team NERFINISHED ⓘ
exploitation	remote ⓘ
fixedBy	disabling TLS heartbeat extension ⓘ
fixedInVersion	OpenSSL 1.0.1g NERFINISHED ⓘ
hasLogo	bleeding heart logo ⓘ
hasNameOrigin	named by Codenomicon ⓘ
impacts	VPN servers ⓘ confidentiality ⓘ email servers ⓘ embedded devices using OpenSSL ⓘ encryption keys ⓘ user credentials ⓘ web servers ⓘ
introducedInVersion	OpenSSL 1.0.1 NERFINISHED ⓘ OpenSSL 1.0.1-beta1 NERFINISHED ⓘ OpenSSL 1.0.2-beta1 NERFINISHED ⓘ
notableConsequence	necessitated mass revocation and reissue of TLS certificates ⓘ prompted large-scale password resets on many websites ⓘ
requiresAuthentication	false ⓘ
standardIdentifier	CVE-2014-0160 NERFINISHED ⓘ
vulnerabilityType	bounds-checking error ⓘ buffer over-read ⓘ input validation error ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

OpenSSL → notableVulnerability → Heartbleed (CVE-2014-0160) ⓘ