Comment by tr32q423

8 years ago

The root cause is apparently coming from auto-generated code that causes buffer overrun:

    /* generated code */
    if ( ++p == pe )
        goto _test_eof;

With the help of Google, Yahoo, Bing and others, we found 770 unique URIs that had been cached and which contained leaked memory. Those 770 unique URIs covered 161 unique domains.

The examples in the report shows Uber, okcupid , etc. It would be good to know the full list, to know what password might have been compromised.

https://blog.cloudflare.com/incident-report-on-memory-leak-c...

1 comment

tr32q423

nikisweeting 8 years ago

We're working on getting a full list up here: https://github.com/pirate/sites-using-cloudflare

I'm currently just searching the Alexa top 10,000 doing DNS scraping, but I'll updating it with reverse resolves from cloudflare.com/ips/ next.