SAT News: Buffer Overflow Vulnerability in Cloudflare Infrastructure

Cloudbleed graphic

Cloudbleed, a vulnerability discovered by Tavis Ormandy of Google’s Project Zero security team, is the latest in major security breaches.

This breach involves Cloudflare, an internet security company that acts as a proxy between the user and web server, which caches content for websites that sit behind its global network. This lowers the number of requests to the original host server by parsing content via Cloudflare’s edge server for optimization and security.

Cloudbleed is a buffer overflow issue within Cloudflare’s edge servers that were running past the end of a buffer and returning memory containing private data like HTTP cookies, authentication tokens, and HTTP POST bodies.

This breach can be blamed on a simple typo found in the source code of the Cloudflare HTML Parser component, which is a module the company uses to read the source code of a website, which then passes to other modules in order to rewrite content based upon the account settings designated by the user.

This typo was “>=” rather than “==”, which led to the buffer overflow, dumping the content of Cloudflare’s server memory into the client’s HTTP requests.

Cloudflare hosts Uber, OK Cupid, and Fitbit. According to Cloudflare’s website, they are also “trusted by” companies such as Cisco, Nasdaq, Zendesk, Salesforce Commerce Cloud, Quizlet, BainCapital, and Discord.

Although this was discovered within the last two weeks, Cloudflare has stated that websites have been leaking data for months prior, with the earliest data leak dating back to September of 2016. They did act quickly to remediate the issue once it was brought to their attention.

“It’s unclear at this point if black hat hackers had already found the vulnerability and exploited it before the code was fixed, and with any major vulnerability it will take some time before this information is discovered and fully released,” said Shawn Pope, Security Analytics Team member at Nuspire. “For now, you should change your passwords and implement two-factor authentication wherever possible.”

For more information on how to keep your data safe, click here.

Nuspire Insights

Nuspire Infographic

Contact Us


Nuspire Infographic

Contact Us