CVE-2018-6343
https://notcve.org/view.php?id=CVE-2018-6343
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00. Proxygen no logra validar que un gestor de autenticación secundario sea fijado antes de desreferenciarse. Esto podría provocar una denegación de servicio (DoS) cuando se analiza un frame HTTP2 "Certificate/CertificateRequest" sobre un transporte del tipo fizz (TLS 1.3). • https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •