Описание
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2018.10.29.00 (включая) до 2018.11.19.00 (исключая)
cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00271
Низкий
7.5 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-476
CWE-20
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.
EPSS
Процентиль: 50%
0.00271
Низкий
7.5 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-476
CWE-20