CloudBleed: Cloudflare Parser Bug Causes Memory Leak

Headline: CloudBleed: Cloudflare Parser Bug Causes Memory Leak

A vulnerability affecting Cloudflare, a popular Content Delivery Network (CDN), could cause a buffer overrun which could result in leaked memory that exposes a user’s private information.

Cloudflare is a popular CDN used by millions of sites including Uber, Yelp, OKCupid, and FitBit. Three minor features used in Cloudflare’s proxy servers used a flawed HTML parser. This caused an unknown amount of memory to be leaked from Cloudflare edge servers in response to HTTP requests.

The types of data possibly leaked could include a user’s passwords, keys, tokens, and cookies. The vulnerable features have now been disabled, but the memory leaks have been ongoing for months, from September 22, 2016 through February 18, 2017. Some of the leaked data was cached by search engines like Google, Yahoo, and Bing as web-scraping tools making the data searchable, but Cloudflare reports that “The leaked memory has been purged with the help of the search engines.”

Bottom Line: Change your passwords today if you have accounts with any of the sites listed here. Consider enabling 2- factor authentication when available.

Sources:

Cloudflare, Incident report on memory leak caused by Cloudflare parser bug. Threatpost, CLOUDFLARE BUG LEAKS SENSITIVE DATA. DarkReading, Cloudflare Leaked Web Customer Data For Months. Rapid7 Community, The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained GitHub, List of Sites possibly affected by Cloudflare’s #Cloudbleed HTTPS Traffic Leak. Gizmodo, Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster. SANS ISC InfoSec Forums, Cloudflare data leak…what does it mean to me?.