
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. Triggering it requires the client's supported cipher advertisement to change between the original ClientHello and the second ClientHello, which crashes the process (impact is limited to denial of service). • https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265 https://www.facebook.com/security/advisories/cve-2023-23759 • CWE-617: Reachable Assertion

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A peer could send empty handshake fragments containing only padding, which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00. • https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b https://www.facebook.com/security/advisories/cve-2019-11924 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial of service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. Facebook Fizz suffered from a remotely triggerable infinite loop denial of service condition due to an integer overflow. • http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2 • CWE-131: Incorrect Calculation of Buffer Size; CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')