Описание
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.
Уязвимые конфигурации
Конфигурация 1Версия от 2025.08.25.00 (включая) до 2025.12.01.00 (включая)
cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00059
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-834
Связанные уязвимости
CVSS3: 5.3
github
2 месяца назад
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.
EPSS
Процентиль: 18%
0.00059
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-834