FelixJun 26, 2023
@jbzfn "... It was here that Cloudflare not only returned the requested website but also cookies, keys, and other sensitive customer data. This is what it would look like. If you knew where to look, plenty of useful information could be extracted from the leaked memory. Full HTTPS requests, IP addresses, responses, passwords, and who knows how long this exploit has been out there. ..."
Show threadFelixJun 26, 2023
@jbzfn "... Bad actors could have already compromised thousands of companies. And Cloudflare's monitoring evidently did not self-detect this issue, as a third party had to identify it and reach out to them. Data leakage like this can come with hefty consequences: FTC fines, lawsuits, increased audits. ..."
And, as always, beware the google cache!
#transcribed #anthiago.com
Show threadFelix
@jbzfn here is the complete writeup: "Incident report on memory leak caused by Cloudflare parser bug
24.02.2017"
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Incident report on memory leak caused by Cloudflare parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.

The Cloudflare Blog
Jun 26, 2023 at 6:49pmWeb