1. Knowledge Base
  2. Security Advisories

PZOS-2014-001: OpenSSL TLS Heartbeat Vulnerability Review

Issue Date: 2014/04/09
Updated Date: 2014/04/09
Title: OpenSSL TLS Heartbeat Vulnerability Review
Classification: Advisory/Informational
Status: Closed
Affected Products: PZOS – All Supported Versions or Below


The OpenSSL Project announced a Security Advisory on April 07, 2014 regarding a critical TLS vulnerability in version 1.0.1 through version 1.0.1f (CVE-2014-0160 – https://www.openssl.org/news/secadv_20140407.txt)


A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Panzura would like to reassure our customers that a thorough review of the PZOS code base has been undertaken it is confirmed that all TLS-secured communication used in the Panzura system is NOT vulnerable to this exploit.


Panzura software is not at risk from this vulnerability.