34 matches found
PT-2023-19183 · Unknown · Fizz Library
Name of the Vulnerable Software and Affected Versions: fizz library versions prior to v2023.01.30.00 Description: The issue is related to a CHECK failure that can be triggered remotely in the fizz library. This behavior occurs when the client-supported cipher advertisement changes between the...
fizz 安全漏洞
fizz is a TLS implementation written in C++. A security vulnerability exists in versions prior to fizz v2023.01.30.00, which stems from a client-supported password advertisement that changes between the original ClientHello and a second ClientHello, causing a process crash...
SUSE CVE-2019-3560
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00...
Facebook Fizz Integer Overflow Denial of Service (CVE-2019-3560)
A denial-of-service vulnerability exists in Facebook Fizz. The vulnerability is due to an integer overflow in the handling of TLS 1.3 early data requests. A successful attack could create a denial of service condition to the Discovery service...
Memory corruption
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00...
CVE-2019-3560
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00...
CVE-2019-3560
CVE-2019-3560 affects the Facebook Fizz component, specifically a bug in the PlaintextRecordLayer where an improper length calculation can cause an infinite loop, leading to a denial-of-service based on user input. Affected versions are fizz prior to v2019.03.04.00. The issue’s root cause is a fa...
CVE-2019-3560
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00...
PT-2019-16609 · Fizz · Fizz
Name of the Vulnerable Software and Affected Versions: fizz versions prior to v2019.03.04.00 Description: The issue is related to an improperly performed length calculation on a buffer in PlaintextRecordLayer, which could lead to an infinite loop and denial-of-service based on user input...
Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
A critical denial-of-service DoS vulnerability in Facebook’s open-source implementation of the transport layer security TLS 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it. Kevin Backhouse, a researcher at Semmle, discovered the bug in the project...
Design/Logic Flaw
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
PT-2018-17491 · Facebook · Proxygen
Name of the Vulnerable Software and Affected Versions: Proxygen versions v2018.10.29.00 through v2018.11.19.00 Description: The issue is related to the failure of Proxygen to validate that a secondary auth manager is set before dereferencing it, which can cause a denial of service issue. This...
Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security
Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make th...
Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security
Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make th...