Memory corruption

2019-08-2020:15:00

PRIOn knowledge base

www.prio-n.com

0.002 Low

EPSS

Percentile

61.2%

JSON

A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.

CPENameOperatorVersion
fizzge2019.01.28.00
fizzle2019.08.05.00

CPE	Name	Operator	Version
	fizz	ge	2019.01.28.00
	fizz	le	2019.08.05.00

References

github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f

github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b

www.facebook.com/security/advisories/cve-2019-11924

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for PRION:CVE-2019-11924