A team of researchers has discovered a memory-leaking vulnerability in China’s Great Firewall (GFW), dubbed “Wallbleed.” This flaw allows hackers to extract up to 125 bytes of sensitive data from the GFW’s equipment, revealing insights into the censorship system.
The GFW is Beijing’s method for blocking Chinese citizens from visiting foreign websites and slowing internet traffic between China and foreign countries. The system employs various techniques to monitor netizens’ online activities and censor their web.
Wallbleed lies within the DNS injection subsystem of the GFW, which generates forged DNS responses when a user tries to visit banned websites. The vulnerability is triggered by a bug in China’s DNS query parser that returns additional memory data under specific conditions.
The researchers used Wallbleed to extract plain-text network traffic data and infer details about the GFW’s CPU architecture, including its x86_64 design. They also observed two attempts to patch the vulnerability between 2023 and 2024.
According to the researchers, Wallbleed demonstrates that censorship middleboxes can severely violate users’ privacy and confidentiality beyond direct censorship harm.
Source: https://www.theregister.com/2025/02/27/wallbleed_vulnerability_great_firewall