OpenSSL Information Disclosure Vulnerability

Added to KEV: 2022-05-04
Federal due date: 2022-05-25
Vendor: OpenSSL
Product: OpenSSL
EPSS: 100.0th percentile (score 0.945, as of 2026-06-08)
NVD CVSS v3.1:
Ransomware use: Unknown
Upstream: https://nvd.nist.gov/vuln/detail/CVE-2014-0160

CISA short description

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.