VDB
DEBIAN-CVE-2014-0160
DEBIAN-CVE-2014-0160
PUBLISHED
CVSS 7.5 HIGH
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | openssl | 0, 0, 0 |
| Debian:13 | openssl | 0, 0, 0 |
| Debian:14 | openssl | 0, 0, 0 |
| Debian:12 | openssl | 0, 0, 0 |
Exploit Intelligence
- Educational laboratory for studying CVE-2014-0160 (Heartbleed) and framing inconsistencies in TLS heartbeat handling. (github-poc)
- A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Installation : $ apt update && apt upgrade $ apt install git $ apt install python2 $ apt install python $ git clone https://github.com/hahwul/ a2... (github-poc-repo)
- Demonstration of the Heartbleed CVE (CVE-2014-0160), including lab setup instructions and source code to build your own Heartbleed lab for educational purposes (github-poc)
- CVE-2014-0160 (github-poc)
- 22imer/CVE-2014-0160 (github-poc)
- Heartbleed (CVE-2014-0160) was devastating because it leaked adjacent memory. CTT-Heartbleed goes further—it uses 33-layer temporal resonance to map, reconstruct, and extract specific memory regions across time, not just adjacent buffers. (github-poc)
- This Python PoC script detects the Heartbleed vulnerability (CVE-2014-0160) by performing a TLS handshake with heartbeat extension and sending a crafted heartbeat request. It parses responses to identify leaked memory, helping assess server susceptibility to this critical OpenSSL flaw. (github-poc)
- The objective of this project was to assess a remote host for the Heartbleed vulnerability (CVE-2014-0160), verify its presence, and exploit it to extract potentially sensitive information from server memory over the TLS protocol. (github-poc)
- This is the Heratbleed bug (CVE-2014-0160) documentation I did for Advenced Cyber Attacks course. (github-poc)
- yashfren/CVE-2014-0160-HeartBleed (github-poc)
…and 76 more exploits
Timeline
- Apr 7, 2014 CVE Published
- Apr 9, 2014 PoC Published
- Apr 11, 2025 PoC Published
- Apr 28, 2026 CVE Updated