OpenSSL clients process heartbeats using the same vulnerable functions. The same memcpy() overread allows malicious servers to read blocks of client memory. In internal testing we were able to extract memory from several client programs such as curl and wget. Research into other clients that link against the vulnerable versions of OpenSSL continues. We have released detection for the client side attack in SIDs 30520 through 30523. All Heartbleed rules have been added to the community ruleset – because we care.”]
Source: https://blog.talosintelligence.com/2014/04/heartbleed-continued-openssl-client.html