Lucene search
K

34 matches found

Positive Technologies
Positive Technologies
added 2023/05/18 12:0 a.m.4 views

PT-2023-19183 · Unknown · Fizz Library

Name of the Vulnerable Software and Affected Versions: fizz library versions prior to v2023.01.30.00 Description: The issue is related to a CHECK failure that can be triggered remotely in the fizz library. This behavior occurs when the client-supported cipher advertisement changes between the...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.6 views

fizz 安全漏洞

fizz is a TLS implementation written in C++. A security vulnerability exists in versions prior to fizz v2023.01.30.00, which stems from a client-supported password advertisement that changes between the original ClientHello and a second ClientHello, causing a process crash...

7.5CVSS7.3AI score0.00723EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.7 views

SUSE CVE-2019-3560

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00...

7.5CVSS6.9AI score0.0242EPSS
Exploits1References2
Check Point Advisories
Check Point Advisories
added 2019/11/26 12:0 a.m.9 views

Facebook Fizz Integer Overflow Denial of Service (CVE-2019-3560)

A denial-of-service vulnerability exists in Facebook Fizz. The vulnerability is due to an integer overflow in the handling of TLS 1.3 early data requests. A successful attack could create a denial of service condition to the Discovery service...

5CVSS3AI score0.0242EPSS
Exploits1
Prion
Prion
added 2019/08/20 8:15 p.m.20 views

Memory corruption

A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00...

7.8CVSS7.5AI score0.02399EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/04/29 4:29 p.m.27 views

CVE-2019-3560

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00...

7.5CVSS6.9AI score
Exploits0References3
CVE
CVE
added 2019/04/29 12:0 a.m.83 views

CVE-2019-3560

CVE-2019-3560 affects the Facebook Fizz component, specifically a bug in the PlaintextRecordLayer where an improper length calculation can cause an infinite loop, leading to a denial-of-service based on user input. Affected versions are fizz prior to v2019.03.04.00. The issue’s root cause is a fa...

7.5CVSS7.5AI score0.0242EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/04/29 12:0 a.m.31 views

CVE-2019-3560

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00...

7.6AI score0.0242EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/04/29 12:0 a.m.8 views

PT-2019-16609 · Fizz · Fizz

Name of the Vulnerable Software and Affected Versions: fizz versions prior to v2019.03.04.00 Description: The issue is related to an improperly performed length calculation on a buffer in PlaintextRecordLayer, which could lead to an infinite loop and denial-of-service based on user input...

7.5CVSS7.8AI score0.0242EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2019/03/22 9:22 p.m.187 views

Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project

A critical denial-of-service DoS vulnerability in Facebook’s open-source implementation of the transport layer security TLS 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it. Kevin Backhouse, a researcher at Semmle, discovered the bug in the project...

5CVSS8.3AI score0.0242EPSS
Exploits1References6
Prion
Prion
added 2018/12/31 10:29 p.m.21 views

Design/Logic Flaw

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...

5CVSS7.4AI score0.00834EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2018/12/31 12:0 a.m.7 views

PT-2018-17491 · Facebook · Proxygen

Name of the Vulnerable Software and Affected Versions: Proxygen versions v2018.10.29.00 through v2018.11.19.00 Description: The issue is related to the failure of Proxygen to validate that a secondary auth manager is set before dereferencing it, which can cause a denial of service issue. This...

7.5CVSS7.3AI score0.00834EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2018/08/07 12:7 p.m.2 views

Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security

Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make th...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/07 12:7 p.m.61 views

Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security

Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make th...

7AI score
Exploits0
Rows per page
Query Builder