Disclaimer: This information I’ve found appears to show that Peercoin 0.3 and Peercoin 0.4 is not affected by this bug unless you allow access to your RPCPORT 9902 from the internet. Please do your own research to be sure.
This bug is CVE-2014-0160 which affects a lot of software that uses OpenSSL 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1)
Concerning Bitcoin 0.9.0 there is a “Payment Protocol feature” that appears in Bitcoin 0.9.0 called BIP70
This Payment Protocol feature is NOT in Peercoin 0.4 (Luckily we’re behind a few releases, here’s where Sunny was smart, we can debate this later).
I have confirmed by looking at the text in the code, that the ppcoind.ese 0.3 and 0.4 win32 binaries use OpenSSL 1.0.1b (which is affected).
The concern for Peercoin specifically is if you are allowing your RPCPORT (usually port 9902) to be accessed externally. I don’t know if that is all it would take, but generally you do not want port 9902 connections inbound from your router.
To check if you have port 9902 accessible by the internet (the default RPC Port for Peercoin) do this
Go here:
http://www.yougetsignal.com/tools/open-ports/
Change port 80 to port 9902 and push Check.
If it says the port is closed, then that means nothing can communicate with your Peercoin client on port 9902 (RPC) and you are probably safe from this problem.
So while you may be safe on Peercoin, you must check all other coin wallets you hold, especially those built on a fork from Bitcoin-core 0.9.0
Any other software that has OpenSSL 1.0.1 to 1.0.1f static library support compiled in should re-compile or obtain a new pre-built binary.
As per the OpenSSL website:
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.