in the library could affect many unrelated applications at once, while major API or ABI changes could require coordinated work by operating-system distributions, language runtimes, and application maintainers.

Heartbleed and post-2014 reform

On April 7, 2014, OpenSSL disclosed Heartbleed, a bounds-checking error in the implementation of the TLS heartbeat extension. The bug was assigned the identifier CVE-2014-0160, affected OpenSSL 1.0.1 through 1.0.1f, and allowed an attacker to read up to 64 KB of memory from a vulnerable

1.Previous
3.Next