The Cloudflare Blog

Subscribe to receive notifications of new posts:

New OpenSSL vulnerabilities: CloudFlare systems patched

2014-06-05

John Graham-Cumming

1 min read

The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today.

[

](http://ccsinjection.lepidum.co.jp/)

The most serious of these is a potential on-path attack CVE-2014-0224 which is being referred to as CCS Injection. Both Google's Adam Langley and the original reporter of the problem have write ups that give more technical detail.

We have applied the required patch to all CloudFlare servers and customers are protected against CVE-2014-0224 and all the other vulnerabilities announced today.

Everyone who uses OpenSSL in their software or on their server should upgrade as soon as possible; the OpenSSL team has released new versions today.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

OpenSSL Vulnerabilities Reliability SSL

Follow on X

Cloudflare|@cloudflare

December 11, 2025 4:20 PM

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines and targeted critical infrastructure including nuclear fuel, uranium and rare earth elements. We outline the tactics they appear to be using and how Cloudflare is protecting customers. ...

Cloudforce One

Vulnerabilities, Threat Intelligence, Research

December 03, 2025 2:20 PM

Cloudflare WAF proactively protects against React vulnerability

Cloudflare offers protection against a new high profile vulnerability for React Server Components: CVE-2025-55182. All WAF customers are automatically protected as long as the WAF is deployed....

Daniele Molteni

Cloudforce One, WAF, Web Application Firewall, Vulnerabilities, CVE, React

October 29, 2025 1:00 PM

Defending QUIC from acknowledgement-based DDoS attacks

We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack vector and our solution, which dynamically skips packet numbers to validate client behavior. ...

Research, QUIC, Protocols, Vulnerabilities, Security

September 25, 2025 2:00 PM

Safe in the sandbox: security hardening for Cloudflare Workers

We are further hardening Cloudflare Workers with the latest software and hardware features. We use defense-in-depth, including V8 sandboxes and the CPU's memory protection keys to keep your data safe....

Erik Corry,
Ketan Gupta

Cloudflare Workers, Birthday Week, Attacks, Engineering, Linux, Malicious JavaScript, Security, Vulnerabilities