Background Information:

  • server private key
  • confidential data like usernames, passwords and other personal information

Analysing the Bug

  • The server constructs a pointer(memory location) to the heartbeat record
  • It then copies the length of the data sent by a user into a variable(called payload)
  • The length of this data is unchecked
  • The server then allocates memory in the form of:
  • 1 + 2 + payload + padding(this can be maximum of 1 + 2 + 65535 + 16)
  • The server then creates another pointer(bp) to access this memory
  • The server then copies payload number of bytes from data sent by the user to the bp pointer
  • The server sends the data contained in the bp pointers to the user


  • The server needs to check that the length of the heartbeat message sent by the user isn’t 0
  • The server needs to check the the length doesn’t exceed the specified length of the variable that holds the data


Protecting Data In Transit:

  1. What is the flag?




CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Messages About iMessages but Not From Apple

I complained to Lufthansa. Then the phishing started.

Social Engineering — Today’s Number 1 Option for Unauthorised Access

The InfoSec Pro’s Guide to Surviving Thanksgiving

InfoSecSherpa’s News Round Up for Wednesday, October 20, 2021

{UPDATE} 2048! Mania Hack Free Resources Generator

Cyberclassic Reached a Partnership on Integrate with Berry Oracle

Host Your Own Site with MEW: Introducing IPFS Support for .ETH and .CRYPTO Domains

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics

More from Medium

Why NFTs aren’t the Future

The Art of Developing A Grateful Mind

Picture from @MorelPublishing