OpenSSL up to 1.0.2 TLS/DTLS Heartbeat ssl/t1_lib.c dtls1_process_heartbeat/dtls1_process_heartbeat memory corruption

CVSS Meta Temp Score
CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.
Current Exploit Price (≈)
Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.
CTI Interest Score
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
7.3$0-$5k0.00

A vulnerability, which was classified as very critical, was found in OpenSSL up to 1.0.2 (Network Encryption Software). This affects the function dtls1_process_heartbeat/dtls1_process_heartbeat in the library ssl/t1_lib.c of the component TLS/DTLS Heartbeat Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality. The summary by CVE is:

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
The media made this vulnerability popular with the name "heartbleed".

The issue has been introduced in 01/01/2012. The weakness was shared 04/07/2014 by Neel Mehta with Google as secadv_20140407.txt as confirmed security advisory (Website). It is possible to read the advisory at openssl.org. The vendor cooperated in the coordination of the public release. This vulnerability is uniquely identified as CVE-2014-0160 since 12/03/2013. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/09/2024). Due to its background and reception, this vulnerability has a historic impact. The advisory points out:

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

A public exploit has been developed by Jared Stafford in Python and been published 1 days after the advisory. The exploit is shared for download at exploit-db.com. It is declared as highly functional. The vulnerability was handled as a non-public zero-day exploit for at least 827 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 73389 (FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks and running in the context r. The commercial vulnerability scanner Qualys is able to test this issue with plugin 350410 (Amazon Linux Security Advisory for openssl: ALAS-2014-320). There has also been a Metasploit module (openssl_heartbleed.rb) published.The CISA Known Exploited Vulnerabilities Catalog lists this issue since 05/04/2022 with a due date of 05/25/2022:

Apply updates per vendor instructions.

Upgrading to version 1.0.1g eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.openssl.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The security advisory contains the following remark:

Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
It is possible to detect attack attempts with 'tshark -i eth0 -R "ssl.record.content_type eq 24 and not ssl.heartbeat_message.type"'. Attack attempts may be identified with Snort ID 30510. In this case the pattern |18 03 00| is used for detection. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 13817.

The vulnerability is also documented in the databases at X-Force (92322), Exploit-DB (32745), Tenable (73389), SecurityFocus (BID 66690†) and OSVDB (105465†). Further details are available at kb.cert.org. The entry VDB-13072 is related to this item.

Affected

  • Alcatel-Lucent
  • Debian GNU/Linux
  • Fedora Linux
  • FreeBSD
  • Gentoo Linux
  • Mandriva Linux
  • Red Hat Linux
  • Slackware Linux
  • SUSE Linux
  • Ubuntu Linux

Not Affected

  • OpenSSL up to 0.9.8x

Productinfo

Type

Name

Version

License

Support

  • end of life (old version)

CPE 2.3info

CPE 2.2info

Screenshot

CVSSv4info

VulDB CVSS-B Score: 🔍
VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv3info

VulDB Meta Base Score: 7.5
VulDB Meta Temp Score: 7.3

VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍

NVD Base Score: 7.5
NVD Vector: 🔍

CVSSv2info

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Exploitinginfo

Class: Memory corruption
CWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍

Local: No
Remote: Yes

Availability: 🔍
Access: Public
Status: Highly functional
Author: Jared Stafford
Programming Language: 🔍
Download: 🔍

EPSS Score: 🔍
EPSS Percentile: 🔍

KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

0-Dayunlockunlockunlockunlock
Todayunlockunlockunlockunlock

Nessus ID: 73389
Nessus Name: FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍

OpenVAS ID: 881918
OpenVAS Name: CentOS Update for openssl CESA-2014:0376 centos6
OpenVAS File: 🔍
OpenVAS Family: 🔍

Qualys ID: 🔍
Qualys Name: 🔍

MetaSploit ID: openssl_heartbleed.rb
MetaSploit Name: OpenSSL Heartbeat (Heartbleed) Information Leak
MetaSploit File: 🔍

Exploit-DB: 🔍

Threat Intelligenceinfo

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasuresinfo

Recommended: Upgrade
Status: 🔍

Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍

Upgrade: OpenSSL 1.0.1g
Patch: git.openssl.org

Snort ID: 30510
Snort Message: SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt
Snort Class: 🔍
Snort Pattern: 🔍

Suricata ID: 2018372
Suricata Class: 🔍
Suricata Message: 🔍

TippingPoint: 🔍

McAfee IPS: 🔍
McAfee IPS Version: 🔍

ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍

Timelineinfo

01/01/2012 🔍
12/03/2013 +702 days 🔍
04/07/2014 +125 days 🔍
04/07/2014 +0 days 🔍
04/07/2014 +0 days 🔍
04/07/2014 +0 days 🔍
04/07/2014 +0 days 🔍
04/08/2014 +1 days 🔍
04/08/2014 +0 days 🔍
04/08/2014 +0 days 🔍
04/08/2014 +0 days 🔍
04/08/2014 +0 days 🔍
04/08/2014 +0 days 🔍
04/24/2014 +16 days 🔍
12/03/2015 +588 days 🔍
09/09/2024 +3203 days 🔍

Sourcesinfo

Product: openssl.org

Advisory: secadv_20140407.txt
Researcher: Neel Mehta
Organization: Google
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍

CVE: CVE-2014-0160 (🔍)
OVAL: 🔍
IAVM: 🔍

X-Force: 92322 - OpenSSL heartbeat information disclosure, High Risk
SecurityFocus: 66690 - OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities
Secunia: 57347 - OpenSSL TLS Heartbeat Information Disclosure Vulnerability, Moderately Critical
OSVDB: 105465
SecurityTracker: 1030026
Vulnerability Center: 54773 - Symantec Risk Automation Suite 4.0.8 Remote Information Disclosure Vulnerability due to Heartbleed Bug, Critical

scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍

Entryinfo

Created: 04/08/2014 02:59 PM
Updated: 09/09/2024 10:30 PM
Changes: 04/08/2014 02:59 PM (145), 01/25/2018 12:01 PM (2), 06/16/2021 02:55 PM (11), 06/16/2021 02:57 PM (1), 04/25/2024 07:15 PM (28), 07/02/2024 10:28 PM (1), 09/09/2024 10:30 PM (1)
Complete: 🔍
Cache ID: 18:9A0:40

Discussion

No comments yet. Languages: en.

Please log in to comment.

Do you want to use VulDB in your project?

Use the official API to access entries easily!