CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00.

• https://github.com/facebook/wangle/commit/5b3bceca875e4ea4ed9d14c20b20ce46c92c13c6
• CWE-126: Buffer Over-read
• CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. Facebook Fizz suffered from a remotely triggerable infinite loop denial of service condition due to an integer overflow.

• http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
• http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
• https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2
• CWE-131: Incorrect Calculation of Buffer Size
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00.

• https://github.com/facebook/wangle/commit/3b17ba10a82c71e7808760e027ac6af687e06074
• CWE-19: Data Processing Errors
• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).

• https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3
• https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).

• https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994
• https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html
• CWE-125: Out-of-bounds Read