Heartbleed is a critical bug in OpenSSL that allows attackers to read portions of an affected server's memory. It impacts OpenSSL versions 1.0.1 and 1.0.2. The bug is in the OpenSSL implementation of the TLS/DTLS heartbeat extension, which is supposed to keep connections alive but can be exploited to read server memory. This allows attackers to eavesdrop on encrypted communications, access sensitive server data like passwords, and impersonate users and services. The fix is to upgrade OpenSSL and change passwords for affected websites and services.