colinmollenhour Apr 11, 2014

@kallus What could possibly be the purpose of having a variable length in a heartbeat packet other than to introduce this gaping security hole? Either someone was forced to introduce this bug, turned, or paid. Accidentally introducing this bug would be incredibly careless for an intermediate programmer, and just downright stupid for anyone who has commit access on OpenSSL. This is a classic buffer overflow that anyone with 300-level Computer Science knowledge should know better than to introduce. Of course this will never be investigated because we can all make a very good guess as to who was probably behind it.
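The technical point under the opinion above is that the sender chooses the heartbeat length field, so a receiver that trusts it reads past the bytes it actually received. The following added C example (not code from the thread or from OpenSSL) shows the defensive parse: the declared length is checked against the real record length before any copy. The message layout (1-byte type, 2-byte big-endian length, payload, at least 16 bytes of padding) is assumed from the TLS heartbeat extension; the function names and sample records are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed heartbeat-style layout (after the TLS heartbeat extension):
 *   1 byte  type, 2 bytes payload_length (big-endian, sender-chosen),
 *   payload_length bytes payload, then at least 16 bytes of padding. */
#define HB_HEADER_LEN 3
#define HB_MIN_PADDING 16

typedef struct {
    uint8_t type;
    uint16_t payload_length;
    const uint8_t *payload;
} hb_msg;

/* Parse a received record. record_len is the number of bytes that really
 * arrived and must bound every read. Returns 0 on success, -1 when the
 * sender-declared length is not backed by received bytes. */
int hb_parse(const uint8_t *record, size_t record_len, hb_msg *out) {
    if (record == NULL || out == NULL) return -1;
    if (record_len < HB_HEADER_LEN + HB_MIN_PADDING) return -1; /* too short */
    uint16_t declared = (uint16_t)((record[1] << 8) | record[2]);
    /* The check that prevents the over-read: header + declared payload +
     * minimum padding must fit inside what was actually received. */
    if ((size_t)HB_HEADER_LEN + declared + HB_MIN_PADDING > record_len) return -1;
    out->type = record[0];
    out->payload_length = declared;
    out->payload = record + HB_HEADER_LEN;
    return 0;
}

/* Echo only the verified payload. Returns bytes written or -1 if it won't fit. */
int hb_build_response(const hb_msg *req, uint8_t *resp, size_t resp_cap) {
    size_t need = (size_t)HB_HEADER_LEN + req->payload_length + HB_MIN_PADDING;
    if (need > resp_cap) return -1;
    resp[0] = 2; /* heartbeat_response */
    resp[1] = (uint8_t)(req->payload_length >> 8);
    resp[2] = (uint8_t)(req->payload_length & 0xff);
    memcpy(resp + HB_HEADER_LEN, req->payload, req->payload_length);
    memset(resp + HB_HEADER_LEN + req->payload_length, 0, HB_MIN_PADDING);
    return (int)need;
}

/* Constructed 24-byte sample record: 5-byte payload "hello" plus 16 bytes of
 * padding, with whatever length the "sender" wants to declare. */
#define DEMO_RECORD_LEN (HB_HEADER_LEN + 5 + HB_MIN_PADDING)
static void build_demo_record(uint8_t *record, uint16_t declared_len) {
    memset(record, 0, DEMO_RECORD_LEN);
    record[0] = 1; /* heartbeat_request */
    record[1] = (uint8_t)(declared_len >> 8);
    record[2] = (uint8_t)(declared_len & 0xff);
    memcpy(record + HB_HEADER_LEN, "hello", 5);
}

/* Parse the sample record with a given declared length; returns hb_parse's verdict. */
int demo_parse(uint16_t declared_len) {
    uint8_t record[DEMO_RECORD_LEN];
    hb_msg msg;
    build_demo_record(record, declared_len);
    return hb_parse(record, sizeof record, &msg);
}

/* Parse the honest sample and echo it; returns the response length (24) or -1. */
int demo_response(void) {
    uint8_t record[DEMO_RECORD_LEN], resp[64];
    hb_msg msg;
    build_demo_record(record, 5);
    if (hb_parse(record, sizeof record, &msg) != 0) return -1;
    return hb_build_response(&msg, resp, sizeof resp);
}

int main(void) {
    printf("declared 5     -> %d (0 = accepted)\n", demo_parse(5));
    printf("declared 6     -> %d (-1 = rejected)\n", demo_parse(6));
    printf("declared 65535 -> %d (-1 = rejected)\n", demo_parse(0xFFFF));
    printf("response bytes -> %d\n", demo_response());
    return 0;
}
```

The only difference between an accepted and a rejected record here is whether the declared length plus header and padding fits in `record_len`; a receiver that skips that comparison and copies `declared` bytes would read memory beyond the record, which is the class of bug the comment describes.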