CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source

https://github.com/FiloSottile/Heartbleed

Associated Vulnerability

Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Description

A checker (site and tool) for CVE-2014-0160

Readme

Heartbleed
==========

A checker (site and tool) for CVE-2014-0160.

Public site at https://filippo.io/Heartbleed/

Tool usage:

```
    Heartbleed [-service="service_name"] example.com[:443]
    Heartbleed service_name://example.com[:443]
```

Exit codes: `0` - SAFE; `1` - VULNERABLE; `2` - ERROR. (*recently changed*)

See the [online FAQ](http://filippo.io/Heartbleed/faq.html) for an explanation of error messages including `TIMEOUT` and `BROKEN PIPE`.

If a service name is specified besides `https`, the tool checks the specified service using STARTTLS.
**You do still need to specify the correct port.**

## Install

You will need Go >= 1.2, otherwise you'll get `undefined: cipher.AEAD` and other errors

```
go get github.com/FiloSottile/Heartbleed
```

You can also use Docker to get a ready to run virtual machine with Heartbleed: https://github.com/kasimon/docker-heartbleed

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!