Heartbleed
Line 1: | Line 1: | ||
{{DISPLAYTITLE:Heartbleed : OpenSSL Heartbeat Extension Vulnerability}} | {{DISPLAYTITLE:Heartbleed : OpenSSL Heartbeat Extension Vulnerability}} | ||
− | On April 7 | + | On April 7 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly announced. Heartbleed is registered in the Common Vulnerabilities and Exposures system as '''CVE-2014-0160'''. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, thus the bug's name derives from "heartbeat". The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. |
= Affected Products = | = Affected Products = |
Latest revision as of 23:57, 6 October 2014
On April 7 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly announced. Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, thus the bug's name derives from "heartbeat". The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed.
Contents |
Affected Products
None
Details
This vulnerability has no impact on TelcoBridges products or Toolpack developer customer using CentOS 5.x, which use an older version of OpenSSL. The vulnerabilities appeared only starting from OpenSSL 1.0.1 with the support for TLS/DTLS heartbeat extension (RFC6520).
Software Versions and Fixes
Not vulnerable
Update procedure
Not applicable