The IT Law Wiki


32,080pages on
this wiki
Add New Page
Add New Page Talk0

Overview Edit

Heartbleed is a security bug in the OpenSSL cryptography library that gained widespread attention in April 2014. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. Heartbleed results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, the heartbeat being the basis for the bug's name. The vulnerability is classified as a buffer overread, a situation where software allows more data to be read than should be allowed.

External resource Edit

  • Robert McMillan, "It's Crazy What Can Be Hacked Thanks to Heartbleed," Wired, Apr. 28, 2014 (full-text).

This page uses Creative Commons Licensed content from Wikipedia (view authors). Smallwikipedialogo.png

Also on Fandom

Random Wiki