It is a weakness caused by the vulnerability in OpenSSL's library. When this vulnerability is exploited, unauthorized access to the 64kb instant memory space can be accessed on the Server or Client. In this way, all of the data that is said to be encrypted on the RAM memories of the server can be read.
OpenSSL, which enables data to be sent and received in encrypted form for secure communication, sends a HeartBeat message that reflects the data back to verify that the data was received correctly during communication. The attacker sends 1KB of data to the Server & Client where this weakness exists, but tricks it by telling that Server & Client has 64KB of data to check and mirror the data, that is, "HeartBeat". The system then reflects back 64KB of data to the attacker.
Heartbleed attack can be avoided by validating the message length and ignoring packages asking for more data than their payload needs.