OpenSSL CVE-2014-0160 Out of Bounds Read Vulnerability

Description

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.

Thanks to Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.
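The kind of bounds check described above can be shown with a minimal heartbeat parser. The C code below is an added example, not OpenSSL's code or its fix: the function names and sample records are constructed for illustration, and the message layout (1-byte type, 2-byte payload_length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <string.h>

#define HB_REQUEST      1   /* heartbeat_request message type (RFC 6520) */
#define HB_HEADER_LEN   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16   /* minimum padding required by RFC 6520 */

/* Hypothetical helper: returns the number of payload bytes copied to out,
 * or -1 if the record must be discarded. rec_len is the number of bytes
 * actually received, not the length the peer claims. */
long hb_extract_payload(const unsigned char *rec, size_t rec_len,
                        unsigned char *out, size_t out_cap)
{
    size_t claimed;

    /* The record must hold at least the header and the minimum padding. */
    if (rec == NULL || out == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    /* payload_length is chosen by the peer and is untrusted input. */
    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload must fit inside the bytes that
     * were really received. Without it, memcpy reads past the record. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING || claimed > out_cap)
        return -1;

    memcpy(out, rec + HB_HEADER_LEN, claimed);
    return (long)claimed;
}

/* Constructed sample: 4-byte payload "ping" followed by 16 zero padding bytes. */
long hb_demo_honest(void)
{
    unsigned char rec[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    unsigned char out[64];
    return hb_extract_payload(rec, sizeof rec, out, sizeof out);
}

/* Constructed sample: same 23 bytes received, but payload_length claims 0x4000. */
long hb_demo_overclaim(void)
{
    unsigned char rec[23] = { HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g' };
    unsigned char out[64];
    return hb_extract_payload(rec, sizeof rec, out, sizeof out);
}

int main(void) { return hb_demo_honest() == 4 && hb_demo_overclaim() == -1 ? 0 : 1; }
```

The over-claiming record is rejected because its declared length exceeds what the 23 received bytes can hold after the header and padding are accounted for.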

Affected Applications

OpenSSL

CVE References

CVE-2014-0160