Heartbleed (CVE-2014-0160) was not a flaw in the TLS protocol specification but a catastrophic implementation error in the OpenSSL library, present in versions 1.0.1 through 1.0.1f. It demonstrated how a single missing bounds check in a keep-alive feature, the TLS Heartbeat extension, could expose a server's most sensitive secrets to anyone able to open a connection to it.
The TLS Heartbeat extension (RFC 6520) lets one peer send a heartbeat request carrying a payload (an arbitrary string of bytes), a 16-bit payload_length field and some padding. The receiver must echo the same payload back in a heartbeat response to prove the connection is still alive.
The vulnerability was a classic buffer over-read. The server trusted the payload_length field supplied by the client without checking that the record it had actually received contained that many bytes.
In the terminal example, the attacker claims a payload of up to 64 KB (65535 bytes, the largest value the 16-bit field can hold) but sends only 3 bytes. The server, blindly trusting the length field, copies up to 64 KB of whatever sits in its own process memory after the short record and sends it back. The request can be repeated indefinitely, and because the heartbeat never reaches the application layer, ordinary web server logs record nothing.
Because the leaked memory could contain the server's private RSA key, an attacker holding that key could impersonate the server and, for connections negotiated with RSA key exchange (no forward secrecy), decrypt any recorded session ever protected with it. Sessions that used ephemeral Diffie-Hellman ((EC)DHE) cipher suites could not be decrypted retroactively, but the stolen key was still enough to impersonate the server going forward.
```c
// Vulnerable code in OpenSSL 1.0.1 to 1.0.1f (ssl/t1_lib.c, tls1_process_heartbeat), simplified
unsigned char *p = &s->s3->rrec.data[0], *pl;   // start of the received heartbeat record
unsigned int payload;
p++;                                            // skip the 1-byte message type
n2s(p, payload);                                // payload length, read from the message itself
pl = p;                                         // the peer's payload begins here
// The bug: payload is never checked against s->s3->rrec.length, the number of bytes actually received
buffer = OPENSSL_malloc(1 + 2 + payload + 16);  // response sized from the claimed length
memcpy(buffer + 3, pl, payload);                // buffer over-read happens here!
```

| Impact Area | Effect | Severity |
|---|---|---|
| Session Security | Session cookies leaked → session hijacking | High |
| Server Identity | Private key leaked → server impersonation | Critical |
| User Privacy | Plaintext passwords leaked | High |
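As an added example (not code from the original page or from OpenSSL itself), the following C program reconstructs the exchange described above. A stand-in "process memory" arena holds the received heartbeat record followed by a secret; a vulnerable handler mirrors the pre-1.0.1g logic, and a fixed handler applies the bounds check that 1.0.1g introduced. The arena layout, the secret string and the helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Heartbeat message layout (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16). */
#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16

/* Constructed stand-in for the server's heap: the received record sits at offset 0
 * and a secret that must never leave the process sits a little further along. */
#define SECRET        "-----BEGIN RSA PRIVATE KEY-----"
#define SECRET_OFFSET 64
static unsigned char arena[256];
static unsigned char response[1 + 2 + 65535 + HB_PADDING];

/* Place a request in the arena that claims `claimed` payload bytes but carries only
 * `actual`. Returns the length of the record the server really received. */
static size_t build_request(uint16_t claimed, const char *payload, size_t actual)
{
    memset(arena, 0, sizeof arena);
    memcpy(arena + SECRET_OFFSET, SECRET, sizeof SECRET);
    arena[0] = TLS1_HB_REQUEST;
    arena[1] = (unsigned char)(claimed >> 8);
    arena[2] = (unsigned char)(claimed & 0xff);
    memcpy(arena + 3, payload, actual);
    return 1 + 2 + actual + HB_PADDING;          /* padding bytes are already zero */
}

/* Mirrors the pre-1.0.1g logic: payload_length is taken from the message and never
 * compared with the record length, so memcpy reads past the record. Returns bytes written. */
static size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len)
{
    (void)rec_len;                               /* the bug: never consulted */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    response[0] = TLS1_HB_RESPONSE;
    response[1] = rec[1];
    response[2] = rec[2];
    memcpy(response + 3, rec + 3, payload);      /* over-read happens here */
    memset(response + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + (size_t)payload + HB_PADDING;
}

/* The 1.0.1g fix: silently discard the message when the claimed length does not fit
 * inside the record actually received. Returns 0 when nothing is sent. */
static size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len)
{
    if (1 + 2 + HB_PADDING > rec_len)
        return 0;                                /* too short to even hold a length */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len)
        return 0;                                /* claimed length exceeds the record */
    response[0] = TLS1_HB_RESPONSE;
    response[1] = rec[1];
    response[2] = rec[2];
    memcpy(response + 3, rec + 3, payload);
    memset(response + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + (size_t)payload + HB_PADDING;
}

/* Do the first `len` bytes of the response contain the secret? */
static int response_leaks_secret(size_t len)
{
    size_t n = sizeof SECRET - 1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(response + i, SECRET, n) == 0)
            return 1;
    return 0;
}

/* Attacker claims 200 bytes but sends 3. Returns 1 if the secret came back. */
int demo_vulnerable(void)
{
    size_t rec_len = build_request(200, "hat", 3);
    size_t out = heartbeat_vulnerable(arena, rec_len);
    return out == 1 + 2 + 200 + HB_PADDING && response_leaks_secret(out);
}

/* Same request against the fixed handler: returns 1 if it was dropped. */
int demo_fixed(void)
{
    size_t rec_len = build_request(200, "hat", 3);
    return heartbeat_fixed(arena, rec_len) == 0;
}

/* An honest request (claimed == actual) is still answered after the fix. */
int demo_fixed_honest(void)
{
    size_t rec_len = build_request(3, "hat", 3);
    size_t out = heartbeat_fixed(arena, rec_len);
    return out == 1 + 2 + 3 + HB_PADDING && memcmp(response + 3, "hat", 3) == 0;
}

int main(void)
{
    printf("vulnerable handler leaks secret:   %d\n", demo_vulnerable());
    printf("fixed handler drops bogus request: %d\n", demo_fixed());
    printf("fixed handler answers honest one:  %d\n", demo_fixed_honest());
    return 0;
}
```

The arena keeps the over-read inside one C object so the demonstration itself is well-defined; in a real process the same memcpy walks into whatever neighbouring heap allocations happen to hold, which is why the leaked bytes are unpredictable but often include key material, cookies and request bodies.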
The fix, shipped in OpenSSL 1.0.1g, was a simple bounds check: discard the heartbeat if 1 + 2 + payload + 16 exceeds the length of the record actually received. Recovery was far harder. The bug had been in released code since March 2012 and its exploitation left no trace, so every affected server had to be treated as compromised, which meant millions of servers generating new private keys, obtaining new certificates and revoking the old ones.
Simply patching the software is not enough if the keys were already stolen: the old key must be replaced and its certificate revoked, and anything else that may have sat in memory (session cookies, passwords, API tokens) should be invalidated or reset. Only then can trust in the server be regained.