from what i know: https://www.openssl.org/news/secadv_20140407.txt
OpenSSL Security Advisory [07 Apr 2014] ======================================== TLS heartbeat read overrun (CVE-2014-0160) ========================================== A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <a...@chromium.org> and Bodo Moeller <bmoel...@acm.org> for preparing the fix. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. 1.0.2 will be fixed in 1.0.2-beta2. 2014-04-14 3:21 GMT-03:00 Gayathri Manoj <gayathri.an...@gmail.com>: > Hi All, > > Please let me know is this vulnerability will effect the products which > are using openssl version less than openssl 1.0.1 > > Thanks, > Gayathri > -- Roberto Spadim SPAEmpresarial Eng. Automação e Controle
