7.5 CVE-2014-0160
CISA Kev Catalog Patch Exploit
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
https://nvd.nist.gov/vuln/detail/CVE-2014-0160
Categories
CWE-125 : Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer. When an out-of-bounds read occurs, typically the product has already made a separate mistake, such as modifying an index or performing pointer arithmetic that produces an out-of-bounds address. Shorthand for "Out of bounds" read Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Use a language that provides appropriate memory abstractions. The reference implementation code for a Trusted Platform Module does not implement length checks on data, allowing for an attacker to read 2 bytes past the end of a buffer. Out-of-bounds read in IP stack used in embedded systems, as exploited in the wild per CISA KEV. Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data. HTML conversion package has a buffer under-read, allowing a crash Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125) Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122). Chain: series of floating-point precision errors(CWE-1339) in a web browser rendering engine causes out-of-bounds read(CWE-125), giving access to cross-origin data out-of-bounds read due to improper length check packet with large number of specified elements cause out-of-bounds read. packet with large number of specified elements cause out-of-bounds read. out-of-bounds read, resultant from integer underflow large length value causes out-of-bounds read malformed image causes out-of-bounds read OS kernel trusts userland-supplied length value, allowing reading of sensitive information
References
af854a3a-2127-422b-91ae-364da2661108 Patch Exploit
secalert@redhat.com Patch Exploit
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | >= 1.0.1 | < 1.0.1g |
| Configuration 2 | ||
| cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:* | < 0.9.44 | |
| Configuration 3 | ||
| AND | ||
| cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:* | ||
| Configuration 4 | ||
| AND | ||
| cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:* | ||
| Configuration 5 | ||
| AND | ||
| cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:* | ||
| Configuration 6 | ||
| AND | ||
| cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:* | ||
| Configuration 7 | ||
| cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:* | < 8.3.3 | |
| cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:* | ||
| Configuration 8 | ||
| AND | ||
| cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:* | ||
| Configuration 9 | ||
| AND | ||
| cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:* | ||
| Configuration 10 | ||
| cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:* | ||
| cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:* | ||
| cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:* | ||
| cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:* | ||
| cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:* | ||
| Configuration 11 | ||
| cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* | ||
| Configuration 12 | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* | ||
| Configuration 13 | ||
| cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* | ||
| Configuration 14 | ||
| cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* | ||
| Configuration 15 | ||
| cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | ||
| Configuration 16 | ||
| AND | ||
| cpe:2.3:o:ricon:s9922l_firmware:16.10.3(3794):*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:* | ||
| Configuration 17 | ||
| cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1:*:*:*:*:*:*:* | ||
| Configuration 18 | ||
| cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* | >= 6.0.0 | < 6.0.3 |
REMEDIATION
Patch
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 540 | Overread Buffers |
High |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
