Описание
In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.29.0 (включая) до 2017.04.03.00 (включая)
cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00418
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-416
CWE-416
Связанные уязвимости
github
больше 3 лет назад
In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.
EPSS
Процентиль: 61%
0.00418
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-416
CWE-416