What was Heartbleed (CVE-2014-0160) and why was it so damaging?
A read-overflow bug in OpenSSL's TLS heartbeat extension that let any attacker read up to 64 KB of server memory per request — silently, with no log entries.
The heartbeat extension lets a client send "are you still there? echo back N bytes saying X" and the server replies with N bytes. OpenSSL didn't check that the client actually sent the N bytes it claimed — it just copied N bytes out of the server's memory and sent them back.
What was in that memory? Whatever happened to be near the TLS connection state: private keys, session tokens, passwords, decrypted request bodies, email contents.
Why it was a crisis:
- OpenSSL was running on ~17% of the public web at the time.
- No log entry was created — you could not tell after the fact if your server's keys had been stolen.
- Every site had to assume keys were compromised → mass certificate revocation and reissuance.
- The bug had been in production for ~2 years before disclosure.
Lessons:
- A memory-safety bug in a tiny corner of a security library can compromise everything the library was supposed to protect.
- "It compiles and the tests pass" is not the same as "it's secure."
- Memory-safe languages (or formally verified TLS stacks like Rustls) eliminate this entire class of vulnerability.
Tip: The xkcd cartoon (#1354) is the clearest explanation ever drawn. Worth bookmarking.