Vulnerability Details : CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Published 2014-04-07 22:55:04
Updated 2023-02-10 16:58:23
Source Red Hat, Inc.
View at NVD,
At least one public exploit which can be used to exploit this vulnerability exists!

Threat overview for CVE-2014-0160

Top countries where our scanners detected CVE-2014-0160
Top open port discovered on systems with this issue 21
IPs affected by CVE-2014-0160 276
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2014-0160!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.
CVE-2014-0160 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
OpenSSL Information Disclosure Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.
Added on 2022-05-04 Action due date 2022-05-25

Exploit prediction scoring system (EPSS) score for CVE-2014-0160

Probability of exploitation activity in the next 30 days: 97.53%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2014-0160

  • OpenSSL Heartbeat (Heartbleed) Information Leak
    Disclosure Date: 2014-04-07
    First seen: 2020-04-26
    This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports se
  • OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
    Disclosure Date: 2014-04-07
    First seen: 2020-04-26
    This module provides a fake SSL service that is intended to leak memory from client systems as they connect. This module is hardcoded for using the AES-128-CBC-SHA1 cipher. Authors: - Neel Mehta - Riku - Antti - Matti - hdm <>

CVSS scores for CVE-2014-0160

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source

CWE ids for CVE-2014-0160

  • The product reads data past the end, or before the beginning, of the intended buffer.
    Assigned by: (Primary)

References for CVE-2014-0160

Products affected by CVE-2014-0160

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to terms of use!