image tagPosted by seerer on August 20th, 2021 While the above condition was testing for buffer end, it was generating a bug in that the result at one point, p would be greater than pe and would result in buffer skipping to the next buffer and accessing all the private data i.e. HTTP sessions and IP addresses, among other confidential user data would be returned and sent. The Nginx server had been handling the error in the Ragel parser. Introduction of the cf-HTML caused the bug to manifest itself and tipped off Tavis. Also, when the parser came across unfinished HTML tags, in particular, an image tag like the one shown below, the error would be triggered. Which would cause access of the other memory leaking another website data. The following is an example of a webpage said to have For the leak to happen the displayed website a combination of the flaws, and during the adoption of the cf-html about 0.00003 of the websites were affected. These is a huge number considering In about 3.3 million websites one was affected while cloudflare provides services to over 7 million websites. ghost writer for hire online Like it? Share it!More by this author |