
CVE-2023-23759
https://notcve.org/view.php?id=CVE-2023-23759
18 May 2023 — There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). • https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265 • CWE-617: Reachable Assertion •

CVE-2019-11924
https://notcve.org/view.php?id=CVE-2019-11924
20 Aug 2019 — A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00. • https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2019-3560 – polkit Authentication Bypass
https://notcve.org/view.php?id=CVE-2019-3560
29 Apr 2019 — An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. Facebook Fizz suffered from a re... • https://packetstorm.news/files/id/172836 • CWE-131: Incorrect Calculation of Buffer Size • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •