| CVE ID | CVE-2014-0160 |
| Affected software | OpenSSL 1.0.1 through 1.0.1f |
| Severity | CVSS 7.5 (High) — sensitive data exposure at massive scale |
| Fixed in | OpenSSL 1.0.1g |
| Disclosed | April 7, 2014 |
What Happened
OpenSSL implements the TLS "heartbeat" feature, which lets one side of a connection send a small message and ask the other side to echo it back, just to confirm the connection is still alive. The request includes the message and a length value saying how long it is.
OpenSSL's code trusted that length value without checking it matched the actual message. A client could say "my message is 64KB" while sending only a few bytes — and the server would copy 64KB of its own memory into the reply, leaking whatever happened to be sitting next to that tiny message: other users' session data, private encryption keys, even passwords.
What This Means
This is called a buffer over-read: the program reads past the end of the data it was given because it trusted a length field instead of verifying it. No login was required, no malware needed to be installed — an attacker just sent a malformed heartbeat and read back whatever memory came out.
Why You Should Care
OpenSSL is the encryption engine behind a huge share of "secure" (HTTPS) websites, VPNs, and email servers. Heartbleed mattered because it undermined the very thing TLS exists to guarantee — confidentiality — and it had been quietly exploitable for over two years before anyone noticed. Worse, repeatedly exploiting it left almost no trace in server logs, so nobody could be fully sure what, if anything, had already been stolen.
What You Can Do
- Keep cryptographic libraries (OpenSSL, BoringSSL, LibreSSL) on a patch-managed, regularly updated schedule — don't treat "it's just a library" as low priority.
- After a vulnerability like this is patched, rotate any secrets that may have been exposed: TLS certificates/private keys, session tokens, and passwords.
- Use bounds-checked memory operations and fuzz-testing in your own C/C++ code — this exact bug class (trusting an attacker-supplied length) recurs constantly.
- Don't assume "no suspicious logs" means "nothing happened" for vulnerabilities that are inherently hard to detect after the fact.
Heartbleed prompted a mass, simultaneous certificate-revocation and password-reset event across much of the web — banks, email providers, and government sites all urged users to change passwords once the bug went public, since nobody could rule out that their keys had already been silently read.
A server trusted a number an attacker controlled instead of verifying it — and that one missing check was enough to leak the encryption layer's own secrets.
Explore More CVEs