CVE-2014-0160

Publication date 7 April 2014

Last updated 25 August 2025

Ubuntu priority

High

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Status

Package Ubuntu Release Status
openssl 13.10 saucy
Fixed 1.0.1e-3ubuntu1.2
12.10 quantal
Fixed 1.0.1c-3ubuntu2.7
12.04 LTS precise
Fixed 1.0.1-4ubuntu5.12
10.04 LTS lucid
Not affected
openssl098 13.10 saucy
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
openssl

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.5 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities