Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed may be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client.
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012.

New MitM Vulnerability Plagues Client, Server Versions of OpenSSL
clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution,” the OpenSSL Project noted in its advisory. The vulnerability, CVE-2014-0224, was reported on May 1, 2014 by Masashi Kikuchi of
We’ve been able to execute the attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC. Even for servers that don’t have these particular bugs, the general variant of the attack, which works against any SSLv2 server, can be …