Anatomy of a data leakage bug – the OpenSSL “heartbleed” buffer overflow

An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.

Paul Ducklin takes a look at what went wrong in the code…