Heart bleeding loopholes
Heart bleeding bug (English: Heartbleed bug), also referred to as vicious loopholes, is a program that appears in the encryption library OpenSSL error, first disclosed in April 2014. The library is widely used to implement the Internet's Secure Sockets Layer (TLS) protocol. As long as the use of the existence of a defective OpenSSL instance, whether the server or the client, may be attacked. This problem is caused by the absence of proper verification of the input (lack of boundary checking) when implementing TLS heartbeat expansion, so the name of the vulnerability is derived from the "heartbeat". Vulnerability caused by the buffer over read, that can read the data than should be allowed to read more. Cardiac bleeding is numbered CVE-2014-0160 in the Common Vulnerability Disclosure (CVE) system. Canada Network Accident Response Center issued a security bulletin to remind the system administrator to pay attention to loopholes. OpenSSL released the restored version on April 7, 2014, the same day that the vulnerability was publicly disclosed. ...