Background Information:

  • server private key
  • confidential data like usernames, passwords and other personal information

Analysing the Bug

  • The server constructs a pointer (memory location) to the heartbeat record
  • It then copies the length field of the data sent by the user into a variable (called payload)
  • This length is never checked against the amount of data actually received
  • The server then allocates memory of size 1 + 2 + payload + padding (at most 1 + 2 + 65535 + 16)
  • The server then creates another pointer (bp) to access this memory
  • The server then copies payload bytes from the data sent by the user to the bp pointer, so a payload value larger than the data really sent reads past the request into adjacent server memory
  • The server sends the data contained at the bp pointer back to the user


  • The server needs to check that the length of the heartbeat message sent by the user isn't 0
  • The server needs to check that the length doesn't exceed the specified length of the variable that holds the data
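The copy described above and the two checks that fix it, as an added C example (not the room's own code and not OpenSSL's): a constructed heartbeat record is handled once without the checks and once with them. The function names, the 3-byte header constant and the zero-filled padding are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Heartbeat record body as the page describes it:
 *   [type:1][payload_length:2, big-endian][payload][padding:16] */
#define HB_HDR 3
#define HB_PAD 16

static uint16_t hb_payload_field(const uint8_t *rec)
{
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Unchecked handling (the bug): trusts the user-supplied length field and
 * copies that many bytes from the payload, however long the received record
 * really is. For this demo `rec` is a larger arena so the over-read stays in
 * allocated memory; bytes past `rec_len` stand in for neighbouring heap data.
 * Returns how many bytes beyond the record were copied into the reply. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    uint16_t payload = hb_payload_field(rec);
    out[0] = 2;                                   /* heartbeat_response */
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);  /* over-reads when payload > rec_len - 3 */
    size_t copied_end = HB_HDR + (size_t)payload;
    return copied_end > rec_len ? copied_end - rec_len : 0;
}

/* Fixed handling: rejects an empty payload and any length field that does not
 * fit inside the record actually received. Returns the reply length, or -1
 * when the record is dropped. The copy is bounded by rec_len, so `out` only
 * needs rec_len bytes. */
int hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HDR + HB_PAD)
        return -1;                                /* too short to hold any payload */
    uint16_t payload = hb_payload_field(rec);
    if (payload == 0)
        return -1;                                /* check 1: zero-length payload */
    if (HB_HDR + (size_t)payload + HB_PAD > rec_len)
        return -1;                                /* check 2: claimed length exceeds record */
    out[0] = 2;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);
    memset(out + HB_HDR + payload, 0, HB_PAD);    /* real code uses random padding */
    return (int)(HB_HDR + payload + HB_PAD);
}
```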


Protecting Data In Transit:

  1. What is the flag?




CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics
