A story of leaking uninitialized memory from Fastly by Emil | PT SWARM
A story of leaking uninitialized memory from Fastly
by Emil Lerner
This post goes through a bug in the QUIC (HTTP/3) implementation of the H2O webserver. The bug is pretty interesting because it affected Fastly: it allowed stealing random requests and responses from the uninitialized memory of its nodes, somewhat similar to CloudBleed.
Contents:
• Setting up a test environment
• Detecting which software is used
• QUIC streams
• Data transfer
• The bug
• The exploit plan
• Exploitation
• Disclosure
• Conclusion