SESSION Session 3A: Network Security 1  Authors, Creators & Presenters: Shencha Fan (GFW Report), Jackson Sippe (University of Colorado Boulder), Sakamoto San (Shinonome Lab), Jade Sheffey (UMass Amherst), David Fifield (None), Amir Houmansadr (UMass Amherst), Elson Wedwards (None), Eric Wustrow (University of Colorado Boulder) PAPER Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China We present textit(Wallbleed), a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall's well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor's operational behaviors. To understand the causes and implications of Wallbleed, we conducted longitudinal and Internet-wide measurements for over two years from October 2021. We (1) reverse-engineered the injector's parsing logic, (2) evaluated what information was leaked and how Internet users inside and outside of China were affected, and (3) monitored the censor's patching behaviors over time. We identified possible internal traffic of the censorship system, analyzed its memory management and load-balancing mechanisms, and observed process-level changes in an injector node. We employed a new side channel to distinguish the injector's multiple processes to assist our analysis. Our monitoring revealed that the censor coordinated an incorrect patch for Wallbleed in November 2023 and fully patched it in March 2024. Wallbleed exemplifies that the harm censorship middleboxes impose on Internet users is even beyond their obvious infringement of freedom of expression. When implemented poorly, it also imposes severe privacy and confidentiality risks to Internet users. ABOUT NDSS The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.  Permalink

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

Researchers discovered Wallbleed, a buffer over-read vulnerability in China's Great Firewall DNS injection system that leaked up to 125 bytes of memory when processing crafted DNS queries. Through two years of measurements starting October 2021, they reverse-engineered the censorship infrastructure, analyzed leaked data affecting users globally, and tracked patching attempts. The vulnerability exposed internal architecture details, memory management mechanisms, and load-balancing systems. An incorrect patch was deployed in November 2023, with full remediation completed in March 2024. The research demonstrates how poorly implemented censorship systems create privacy and confidentiality risks beyond their intended purpose of restricting information access.

NDSS 2025 – Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China