Heartbleed: A Case Study on the Minor Bug that Caused a Massive Security Vulnerability

Advisor(s)

Dr. Ian Kropp

Confirmation

1

Document Type

Paper

Location

ONU McIntosh Center; Dean's Heritage Room

Start Date

8-4-2025 2:30 PM

End Date

8-4-2025 2:45 PM

Abstract

Technology has evolved substantially throughout the 21st century, with a wide range of software that improves the efficiency of everyday tasks. With the new opportunities and discoveries that computing offers for the welfare of people comes their antithesis: malicious attackers looking to prey on vulnerabilities. One of the most relevant examples of a seemingly small bug that cost millions of dollars and exposed sensitive information is the Heartbleed vulnerability of 2014. Heartbleed is a security vulnerability in OpenSSL, a library that is central to encrypting information on the web and protecting the data of millions of people across the globe. In response to a request for information, a memory buffer of the size requested would be allocated. However, the software engineers mistakenly omitted a check to ensure that the information returned truly matched the size requested. Hackers found that with a heartbeat, a request for information sent to a web server, they could use this vulnerability to request and access more data than they were authorized to, essentially making the request “bleed”. Thus, sensitive data such as passwords, banking information, or social security numbers fell into the wrong hands through a small bug in the system. Researching the timeline, detrimental effects, and damage-mitigation methods of the Heartbleed vulnerability is necessary to prevent future losses due to insecure coding practices. A small bug can be all the difference between a safe web browsing experience and thousands of users’ confidential information being leaked to the internet.
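The omitted check the abstract describes, shown as an added C example (not code from the paper or from OpenSSL): a simplified heartbeat echo that trusts the length claimed in the record beside one that validates it against the bytes actually received. The record layout, the `memory` and `valid` buffers and the SECRET marker are constructed for this demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed records: 1 type byte, 2-byte big-endian *claimed* payload
 * length, then the payload that actually arrived. `memory` claims 64 bytes
 * but carries 4; the bytes after it stand in for neighbouring process memory. */
#define RECEIVED_LEN 7                      /* 3 header bytes + "ping" */
const unsigned char memory[128] =
    "\x01\x00\x40" "ping" "SECRET-SESSION-COOKIE-DO-NOT-LEAK";
const unsigned char valid[] = "\x01\x00\x04" "ping";   /* honest record */
unsigned char reply[64];                    /* echo buffer the server sends back */

static size_t claimed_len(const unsigned char *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* The flaw the abstract describes: the echo is sized from the claimed
 * length and copied without checking it against the bytes received,
 * so memory past the record "bleeds" into the reply. */
size_t heartbeat_unchecked(const unsigned char *rec, size_t received,
                           unsigned char *out, size_t out_cap)
{
    (void)received;                  /* never consulted: that is the bug */
    size_t n = claimed_len(rec);
    if (n > out_cap) return 0;       /* only so this demo stays in bounds */
    memcpy(out, rec + 3, n);
    return n;
}

/* Fixed form: a heartbeat whose claimed length exceeds what actually
 * arrived is dropped, which is the bounds check OpenSSL's patch added. */
size_t heartbeat_checked(const unsigned char *rec, size_t received,
                         unsigned char *out, size_t out_cap)
{
    if (received < 3) return 0;
    size_t n = claimed_len(rec);
    if (3 + n > received || n > out_cap) return 0;
    memcpy(out, rec + 3, n);
    return n;
}

/* 1 if a reply carries the marker that was never part of any record. */
int reply_leaks(const unsigned char *out, size_t n)
{
    for (size_t i = 0; i + 6 <= n; i++)
        if (memcmp(out + i, "SECRET", 6) == 0) return 1;
    return 0;
}
```

With the over-claiming record the unchecked path echoes 64 bytes containing the marker, while the checked path returns 0 and still echoes the honest record normally.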


Open Access

Available to all.
