Lucene search

GoogleOSV:CVE-2023-23759

HistoryMay 18, 2023 - 10:15 p.m.

CVE-2023-23759

2023-05-1822:15:09

Google

osv.dev

vulnerability

fizz library

remote

check failure

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).

CPENameOperatorVersion
fizzeq2022.07.04.00
fizzeq2020.08.31.00
fizzeq2019.04.01.00
fizzeq2020.08.24.00
fizzeq2021.08.23.00
fizzeq2022.05.02.00
fizzeq2022.11.28.00
fizzeq2022.04.18.00
fizzeq2019.08.26.00
fizzeq2019.05.27.00

Name	Operator	Version
fizz	eq	2022.07.04.00
fizz	eq	2020.08.31.00
fizz	eq	2019.04.01.00
fizz	eq	2020.08.24.00
fizz	eq	2021.08.23.00
fizz	eq	2022.05.02.00
fizz	eq	2022.11.28.00
fizz	eq	2022.04.18.00
fizz	eq	2019.08.26.00
fizz	eq	2019.05.27.00

Rows per page:

1-10 of 2211

References

github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265

www.facebook.com/security/advisories/cve-2023-23759

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

Related for OSV:CVE-2023-23759