34 matches found
CVE-2019-11924
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00...
EUVD-2019-3582
Malware in sbrugna...
EUVD-2023-27845
Malicious code in bioql PyPI...
Fedora: Security Advisory (FEDORA-2023-acbee8f31a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-acbee8f31a)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-acbee8f31a advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...
Fedora: Security Advisory for fizz (FEDORA-2023-7934802344)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: fizz-2023.10.16.00-1.fc39
Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 both wire-compatible with the final specification, and 23. All major handshake modes are supported, includ ing PSK resumption, early data, client authentication, and HelloRetryRequest...
Fedora: Security Advisory for fizz (FEDORA-2023-2a9214af5f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for fizz (FEDORA-2023-17efd3f2cd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: fizz-2023.10.16.00-1.fc38
Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 both wire-compatible with the final specification, and 23. All major handshake modes are supported, includ ing PSK resumption, early data, client authentication, and HelloRetryRequest...
[SECURITY] Fedora 37 Update: fizz-2023.10.16.00-1.fc37
Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 both wire-compatible with the final specification, and 23. All major handshake modes are supported, includ ing PSK resumption, early data, client authentication, and HelloRetryRequest...
Fedora 37 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-2a9214af5f)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-2a9214af5f advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...
Fedora 38 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-17efd3f2cd)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-17efd3f2cd advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...
CVE-2023-23759
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process impact is limited to...
CVE-2023-23759
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process impact is limited to...
CVE-2023-23759
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process impact is limited to...
Design/Logic Flaw
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process impact is limited to...
CVE-2023-23759
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process impact is limited to...
CVE-2023-23759
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process impact is limited to...
CVE-2023-23759
Fizz library vulnerability CVE-2023-23759: A CHECK failure can be remotely triggered when the client-supported cipher advertisement changes between the original and a second ClientHello, crashing the process and causing denial of service. Affected versions are fizz prior to v2023.01.30.00. Remedi...