oval:org.mitre.oval:def:24241

Definition Id: oval:org.mitre.oval:def:24241
 
Oval ID: oval:org.mitre.oval:def:24241
Title: The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read
Description: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0160
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis: