search cancel

Are Symantec Data Loss Prevention (DLP) releases affected by the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160)?


Article ID: 160063


Updated On:


Data Loss Prevention


A defect in the TLS/DTLS implementations of OpenSSL 1.0.1 - 1.0.1f may allow an attacker to obtain sensitive data including private keys via the Heartbeat extension of OpenSSL.


Symantec Data Loss Prevention (DLP) releases are NOT affected, as these do not use OpenSSL versions that are susceptible to this defect.

Note: In the Symantec DLP 12.0 Third-Party License Agreements guide, "OpenSSL 1.0.1c" is mistakenly included in the list of 3rd party licenses for DLP. This release of OpenSSL is NOT included in v12 of DLP, and is not present in earlier releases.