HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2014-0160

CVSS 7.5v3.1pub. 2014-04-07upd. 2026-04-21

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Broadcom Symantec Messaging Gateway

    APP
    Broadcom
    10.6.010.6.1
  • Canonical Ubuntu

    OS
    Canonical
    12.0412.1013.10
  • Debian

    OS
    Debian
    6.07.08.0
  • Fedora Project Fedora

    OS
    Fedoraproject
    1920
  • Filezilla Project Filezilla Server

    APP
    Filezilla-Project
    < 0.9.44
  • Intellian V100

    HW
    Intellian
    wszystkie wersje
  • Intellian V100 Firmware

    OS
    Intellian
    1.201.211.24
  • Intellian V60

    HW
    Intellian
    wszystkie wersje
  • Intellian V60 Firmware

    OS
    Intellian
    1.151.25
  • Mitel Micollab

    APP
    Mitel
    6.07.07.17.27.37.3.0.104
  • Mitel Mivoice

    APP
    Mitel
    1.1.2.51.1.3.31.2.0.111.3.2.21.4.0.102
  • OpenSSL

    APP
    Openssl
    1.0.1 – 1.0.1g (bez)
  • Opensuse

    OS
    Opensuse
    12.313.1
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    6.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    6.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    6.5
  • Red Hat Enterprise Linux Server Eus

    OS
    Redhat
    6.5
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    6.5
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    6.0
  • Red Hat Gluster Storage

    APP
    Redhat
    2.1
  • Red Hat Storage

    APP
    Redhat
    2.1
  • Red Hat Virtualization

    APP
    Redhat
    6.0
  • Ricon S9922l

    HW
    Ricon
    1.0
  • Ricon S9922l Firmware

    OS
    Ricon
    16.10.3\(3794\)
  • Siemens Application Processing Engine

    HW
    Siemens
    wszystkie wersje
  • Siemens Application Processing Engine Firmware

    OS
    Siemens
    2.0
  • Siemens Cp 1543 1

    HW
    Siemens
    wszystkie wersje
  • Siemens Cp 1543 1 Firmware

    OS
    Siemens
    1.1
  • Siemens Elan 8.2

    APP
    Siemens
    < 8.3.3
  • Siemens Simatic S7 1500

    HW
    Siemens
    wszystkie wersje

CISA KEV — detailsi

Vendori
OpenSSL
Producti
OpenSSL
Added to KEVi
May 4, 2022
Remediation deadline (US Federal)i
May 25, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 25 maja 2022
CWE
References

Related vulnerabilities

CVE-2026-20253CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Splunk Enterprise — tworzenie/skracanie plików bez uwierzytelnienia przez sidecar PostgreSQL

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)