
CVE-2014-0160

Severity: HIGH · CVSS 7.5 · KEV · EPSS 100.0%
Hype: PURE HYPE · 12 hack

Heartbleed itself dormant; social posts misattribute name to unrelated CVEs.

What: OpenSSL TLS/DTLS Heartbeat Extension buffer over-read (CVE-2014-0160, Heartbleed) affecting OpenSSL 1.0.1 before 1.0.1g; allows remote attackers to leak process memory including private keys. CVSS 7.5 HIGH, EPSS 0.99999.

Why it matters: KEV-listed since May 2022. Heartbleed is a canonical memory-disclosure vulnerability that was exploited at scale in 2014 and remains a reference point for severity. The social chatter invokes Heartbleed alongside newer vulnerabilities (Squidbleed, OpenCode RCE) as a rhetorical comparison, not as evidence of active Heartbleed exploitation—it reflects historical impact, not current weaponization.

Where it's seen: Posts use "Heartbleed" as a severity metaphor for unrelated 2026 CVEs; no new Heartbleed PoCs or in-the-wild activity reported. Discussion centers on supply chain and agentic risks, not OpenSSL patching urgency.

RISK: LOW — Heartbleed patched in 2014; legacy systems rare; discussion is retrospective.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/19/2026, 10:49:31 AM

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS 3.1 breakdown

Exploitability 3.9 · Impact 3.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  • Attack vector: Network
  • Complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

Affected versions

  • openssl/openssl
    • 1.0.1 – < 1.0.1g
  • filezilla-project/filezilla_server
    • < 0.9.44
  • siemens/application_processing_engine_firmware
    • 2.0
  • siemens/cp_1543-1_firmware
    • 1.1
  • siemens/simatic_s7-1500_firmware
    • 1.5
  • siemens/simatic_s7-1500t_firmware
    • 1.5
  • siemens/elan-8.2
    • < 8.3.3
  • siemens/wincc_open_architecture
    • 3.12
  • intellian/v100_firmware
    • 1.20
    • 1.21
    • 1.24
  • intellian/v60_firmware
    • 1.15
    • 1.25
  • mitel/micollab
    • 6.0
    • 7.0
    • 7.1
    • 7.2
    • 7.3
    • 7.3.0.104
  • mitel/mivoice
    • 1.1.2.5
    • 1.1.3.3
    • 1.2.0.11
    • 1.3.2.2
    • 1.4.0.102
  • opensuse/opensuse
    • 12.3
    • 13.1
  • canonical/ubuntu_linux
    • 12.04
    • 12.10
    • 13.10
  • fedoraproject/fedora
    • 19
    • 20
  • redhat/gluster_storage
    • 2.1
  • redhat/storage
    • 2.1
  • redhat/virtualization
    • 6.0
  • redhat/enterprise_linux_desktop
    • 6.0
  • redhat/enterprise_linux_server
    • 6.0
  • +8 more product/version pairs

Weaknesses

Vendors

  • openssl
  • filezilla-project
  • siemens
  • intellian
  • mitel
  • opensuse
  • canonical
  • fedoraproject
  • redhat
  • debian
  • ricon
  • broadcom
  • +1 more

Products

  • openssl
  • filezilla_server
  • application_processing_engine_firmware
  • application_processing_engine
  • cp_1543-1_firmware
  • cp_1543-1
  • simatic_s7-1500_firmware
  • simatic_s7-1500
  • simatic_s7-1500t_firmware
  • simatic_s7-1500t
  • elan-8.2
  • wincc_open_architecture
  • +23 more