Описание
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Vendor Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2019.01.28.00 (включая) до 2019.08.05.00 (включая)
cpe:2.3:a:facebook:fizz:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.0051
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
EPSS
Процентиль: 66%
0.0051
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-770