CVE-2014-0160 Explained: Heartbleed and the Vulnerability That Broke the Internet
A catastrophic memory disclosure vulnerability in OpenSSL's TLS heartbeat extension that allowed anyone to silently read server memory, including private keys, session tokens, and plaintext passwords, with no authentication and no trace in logs.

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
CVE-2014-0160, named Heartbleed, was independently discovered by Neel Mehta of Google Security and researchers at Codenomicon, disclosed on April 7, 2014. It is a bounds-checking vulnerability in OpenSSL's implementation of the TLS heartbeat extension, a keep-alive mechanism that verifies a connection is still alive without a full renegotiation.
The flaw: when a heartbeat request is received, OpenSSL trusts the client-specified payload length without verifying the actual payload matches that length. By claiming a 64KB payload while sending 1 byte, an attacker causes the server to respond with 64KB of server memory, whatever happens to be adjacent to the heartbeat buffer.
That adjacent memory can contain the server's private SSL/TLS key (enabling decryption of all past and future traffic), active session tokens, usernames and passwords transmitted over the connection, and other sensitive data. No authentication required. No trace in server logs.
How the Heartbleed Exploit Works
OpenSSL's vulnerable code reads the stated payload length from the client's HeartbeatRequest without verifying the actual payload is that long. It then copies (stated_length) bytes starting from the actual payload pointer into the response buffer and sends the response to the attacker.
If the client states 65,535 bytes but sends 1 byte, OpenSSL copies 65,535 bytes from server memory into the response, 65,534 bytes beyond the actual payload. Each request leaks up to 64KB of server memory. Requests can be repeated indefinitely with zero authentication and zero log evidence, progressively mapping large portions of server memory.
Send Malformed HeartbeatRequest
Attacker sends a TLS HeartbeatRequest with payload_length set to 65,535 and an actual payload of 1 byte.
Server Reads Past Buffer Boundary
OpenSSL reads 65,535 bytes from memory starting at the 1-byte payload, reading 65,534 bytes into adjacent server memory.
Server Returns Memory Contents
OpenSSL constructs a HeartbeatResponse containing the overread memory contents and sends it to the attacker.
Extract Sensitive Data
Attacker parses the response for private keys (identifiable by RSA key headers), session cookies, authentication tokens, and plaintext credentials.
Repeat to Map Server Memory
Attacker sends hundreds of requests to collect different memory pages, progressively increasing probability of capturing the private TLS key.
Affected Versions and Scope
CVE-2014-0160 affects OpenSSL 1.0.1 through 1.0.1f. The heartbeat extension code was introduced in OpenSSL 1.0.1 (March 2012) and the flaw existed for over two years before discovery.
At the time of disclosure, an estimated 17% of all HTTPS servers on the internet were running vulnerable OpenSSL versions, including servers at Google, Yahoo, and Amazon. The bug was present in OpenSSL packages shipped with Ubuntu 12.04, Debian Wheezy, CentOS 6.5, Fedora 18+, and many others.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
How to Patch Heartbleed and Recover
Patching Heartbleed requires not only upgrading OpenSSL but also revoking and replacing all TLS certificates. If private keys were exposed before patching, they remain compromised indefinitely, the patch alone is insufficient.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
The bottom line
Heartbleed demonstrated that the most critical vulnerabilities can be completely silent, no exploitation evidence, no server-side logs, no user complaints. OpenSSL 1.0.1f and earlier must never be running in production. If you find it anywhere in your environment, patch, re-key, and rotate everything immediately. The patch alone without certificate revocation and key rotation leaves the system compromised.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
What is Heartbleed (CVE-2014-0160)?
Heartbleed is a buffer over-read in OpenSSL's TLS heartbeat extension. An attacker sends a malformed heartbeat request claiming a larger payload than actually sent; the server returns the claimed length from its own memory, leaking up to 64KB of process memory per request. This can expose private SSL keys, session tokens, and plaintext credentials. No authentication required, and no trace is left in server logs.
How do I fix Heartbleed?
Upgrade OpenSSL to version 1.0.1g or later. After patching: revoke and reissue all TLS certificates (private keys may have been exposed), rotate all session tokens and passwords, and notify affected users. Simply patching without rekeying leaves stolen keys permanently usable.
Is Heartbleed still a risk?
Heartbleed itself is patched in all modern OpenSSL versions. However, certificates issued before patching that were never revoked and private keys exposed before the patch remain compromised. Some legacy systems running unpatched OpenSSL versions still exist and should be treated as fully exposed.
What is the TLS heartbeat extension and why did it contain CVE-2014-0160?
The TLS heartbeat extension (RFC 6520) is a keep-alive mechanism for TLS connections. A client sends a HeartbeatRequest with a payload and a stated payload length; the server responds with the same payload at the stated length to confirm the connection is active. CVE-2014-0160 exists because OpenSSL's implementation trusted the client-supplied length without verifying it matched the actual payload. By claiming a 65,535-byte payload while sending 1 byte, an attacker received 65,534 bytes of server memory as padding, leaking arbitrary process memory with no authentication required.
How do I test if my server is still vulnerable to Heartbleed?
Several tools test for Heartbleed: (1) Qualys SSL Labs at ssllabs.com/ssltest/ reports Heartbleed status in its scan results; (2) Command line: testssl.sh with the --heartbleed flag; (3) Nmap: nmap -p 443 --script ssl-heartbleed target; (4) verify the installed OpenSSL version: openssl version. Any system reporting vulnerability should be treated as if private keys and session tokens were already exposed.
Why must you reissue SSL certificates after Heartbleed, not just patch?
Heartbleed allows attackers to read server memory including the private key used for TLS encryption. If an attacker captured the private key before patching, they can decrypt any recorded past traffic, generate fraudulent certificates for your domains, or impersonate your server indefinitely. Patching OpenSSL stops future memory leakage but does not invalidate the private key that was already exposed. You must: generate a new private key (never reuse the old one), obtain a new certificate from your CA, and explicitly revoke the old certificate. Organizations that patched but skipped key rotation left attackers permanently in possession of a valid key.
Sources & references
- Codenomicon / Synopsys
- Google Security
- OpenSSL Security Advisory
- NIST NVD
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
