zlacker

[return to "Cloudflare outage on December 5, 2025"]
1. rany_+k8[view] [source] 2025-12-05 16:07:37
>>meetpa+(OP)
> As part of our ongoing work to protect customers using React against a critical vulnerability, CVE-2025-55182, we started rolling out an increase to our buffer size to 1MB, the default limit allowed by Next.js applications.

Why would increasing the buffer size help with that security vulnerability? Is it just a performance optimization?

◧◩
2. boxed+A9[view] [source] 2025-12-05 16:11:47
>>rany_+k8
I think the buffer size is the limit on what they check for malicious data, so the old 128k would mean it would be trivial to circumvent by just having 128k ok data and then put the exploit after.
[go to top]