Was Site Affected by Bug?


#1

Forgive me if this is the wrong place to ask this. If it is, please answer me via private messages.

On September 19, 2016 I was using a site on the Cloudflare network, when my account on that site was accessed by an unauthorized user, possibly under cookie related circumstances. I say this because the site stated my account was logged in from a familiar location, but my computer was not connected to any power source at the time of the activity. I recently became aware of the Cloudflare memory leak bug that was patched in February 2017, but can be traced back to September 22, 2016. Is there a possibility that my account was affected by this bug even though the incident happened three days prior to the earliest known instance of the bug?


#2

@maark hi!

possibly under cookie related circumstances

Are you sure about that?, the bug solved under 7 hours with an initial mitigation in 47 minutes. The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests). As CloudFlare detailed explained here
If you got server access, you can examine your system’s logs, and get a better image of the situation.