Heartbleed is a security bug in the OpenSSL cryptography library that gained widespread attention in April 2014. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. Heartbleed results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, the heartbeat being the basis for the bug's name. The vulnerability is classified as a buffer overread, a situation where software allows more data to be read than should be allowed.
External resource Edit
- Robert McMillan, "It's Crazy What Can Be Hacked Thanks to Heartbleed," Wired, Apr. 28, 2014 (full-text).
|This page uses Creative Commons Licensed content from Wikipedia (view authors).|