Earlier versions of the popular OpenSSL library suffer from a buffer overflow in its "heartbeat" code. Because of the location of the problematic code, this vulnerability is often called "Heartbleed".
Software that includes a copy of OpenSSL should be sure to use a current version of the library. If it uses an older version, it will be vulnerable to any network site it connects with.
Upgrade to the latest version of OpenSSL. This problem was fixed in version 1.0.1g.
The following code is present in earlier versions of
payload variable is the number of bytes that
should be copied from the request back into the response. The call
memcpy does this copy. The problem is
payload is supplied as part of the remote request,
and there is no code that checks the size of it. If the caller
supplies a very large value, then the
memcpy call will
copy memory that is outside the request packet.