Data Verification Bugs (DVR) Examples
CVE-2014-0160 – Heartbleed Buffer Overflow
BF Taxonomy

Fig 1. BF DVR bug from DVR–MAD–(MUS & MUS) chain of CVE-2014-0160 – Heartbleed Buffer Overflow
Cause: Improper Operation - Missing
Attributes:
Source Code: Codebase (d1_both.c and t1_lib.c)
State: Transferred (via network)
Consequence: Improper Data - Inconsistent Value (size)
Brief Description:
Heartbleed is a vulnerability caused by a bug in OpenSSL that allows a server to read beyond the bounds of a buffer. Using the heartbeat extension tests in the TLS (Transport Layer Security) and DTLS (Datagram Transport Layer Security) protocols, a user can send a heartbeat request to a server. The request contains a string and a payload unsigned integer, whose value is expected to be the string size but could be as big as 65535.
Analysis
Fig. 1 presents the BF taxonomy for the Heartbeat DVR bug.
The Fix
To fix the bug, the OpenSSL team added a value verification for the array size.
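The kind of value verification described above, as an added example that is not OpenSSL's code: the claimed payload size is checked against the number of bytes actually received before the payload is echoed. The function names, the sample messages and the buffer sizes are hypothetical; the message layout (1-byte type, 2-byte big-endian length, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER_LEN  3u   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PADDING 16u  /* minimum padding required by RFC 6520 */

/* Constructed sample messages (padding left as zero bytes for brevity):
 * ok_msg claims 5 bytes and carries 5; bad_msg claims 65535 and carries 1. */
static const uint8_t ok_msg[24]  = {0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t bad_msg[20] = {0x01, 0xFF, 0xFF, 'x'};

/* Verify the claimed payload size against the received record length.
 * Returns 0 and sets *payload / *payload_len, or -1 to discard the message. */
int hb_verify(const uint8_t *rec, size_t rec_len,
              const uint8_t **payload, size_t *payload_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                      /* cannot hold even an empty message */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* big-endian uint16 */
    /* The DVR check: the transferred size must be consistent with the data. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return -1;
    *payload = rec + HB_HEADER_LEN;
    *payload_len = claimed;
    return 0;
}

/* Copy the payload into out only after verification; returns bytes written or -1. */
long hb_echo(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    const uint8_t *p;
    size_t n;
    if (hb_verify(rec, rec_len, &p, &n) != 0 || n > out_cap)
        return -1;
    memcpy(out, p, n);
    return (long)n;
}

long demo_consistent(void)   { uint8_t out[64]; return hb_echo(ok_msg, sizeof ok_msg, out, sizeof out); }
long demo_inconsistent(void) { uint8_t out[64]; return hb_echo(bad_msg, sizeof bad_msg, out, sizeof out); }

int main(void) { return (demo_consistent() == 5 && demo_inconsistent() == -1) ? 0 : 1; }
```

Without the comparison against `rec_len`, the copy length would come solely from the transferred size field, which is the inconsistent value the taxonomy entry names as the consequence.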