QUIC action: patching a broadcast address amplification vulnerability
ID: e2296dad-c277-536b-b1f9-ad76a75ec3ec
STIX ID: report--e2296dad-c277-536b-b1f9-ad76a75ec3ec
Feed Name: Cloudflare Blog
Cloudflare disclosed and patched a QUIC broadcast-amplification vulnerability discovered by external researchers. Sending a QUIC Initial packet to an anycast broadcast address could cause every worker process bound via SO_REUSEPORT to the loopback anycast range to respond, producing large reflection and server-CPU amplification. Cloudflare mitigated the issue at scale by removing broadcast routes from the loopback local routing table, and recommends that operators audit multi-listener UDP services and anycast loopback bindings to avoid similar local amplification vectors.
