Proxygen Security Vulnerabilities and Issues — Proxygen CVE List

FacebookProxygen

7 matches found

CVE•added 2023/10/10 12:0 a.m.•5219 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.944EPSS

In wild

CVE•added 2019/07/25 8:38 p.m.•143 views

CVE-2019-11921

The CVE-2019-11921 issue affects Facebook Proxygen prior to version 2019.07.22.00, where an out-of-bounds write can be triggered by a specially crafted network packet due to improper Base64 handling when parsing malformed binary content in Structured HTTP Headers. Affected components are within P...

9.8CVSS9.3AI score0.00488EPSS

CVE•added 2020/05/18 9:30 p.m.•94 views

CVE-2020-1897

CVE-2020-1897 affects Facebook Proxygen (open‑source C++ HTTP libraries). The issue is a use‑after‑free caused by faulty lifetime management in the request adaptor when a malicious client triggers request error handling in a specific sequence. Affected versions are prior to Proxygen v2020.05.18.0...

9.8CVSS9.3AI score0.00591EPSS

CVE•added 2021/03/15 9:15 p.m.•57 views

CVE-2021-24029

Summary of CVE-2021-24029 (mvfst/proxygen) : A specially crafted QUIC message can trigger a crash via a failed assertion in mvfst, treated as a connection error per QUIC spec. The issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to ...

7.5CVSS7.4AI score0.00468EPSS

CVE•added 2018/12/31 10:0 p.m.•42 views

CVE-2018-6343

CVE-2018-6343 affects Facebook Proxygen. The issue arises when Proxygen fails to validate that a secondary auth manager is set before dereferencing it during parsing of Certificate/CertificateRequest HTTP2 Frames over fizz (TLS 1.3), leading to potential denial of service. Affected versions are v...

7.5CVSS7.3AI score0.00271EPSS

CVE•added 2019/12/04 4:30 p.m.•41 views

CVE-2019-11940

CVE-2019-11940 affects Facebook Proxygen (HTTP/2 HPACK decompression). An unexpected sequence of header-table resize operations can drive the HPACK header table into a corrupted state, causing a use-after-free and undefined behavior. Affected versions: Proxygen from v0.29.0 up to v2017.04.03.00. ...

9.8CVSS9.4AI score0.00418EPSS

CVE•added 2025/12/02 10:13 p.m.•5 views

CVE-2025-55181

The CVE-2025-55181 entry concerns Facebook Proxygen. A flaw in proxygen::coro::HTTPQuicCoroSession causes an infinite loop when processing HTTP request/response bodies larger than 2^31 bytes, blocking the event loop and appending to a std::vector each iteration. This leads to unbounded memory gro...

5.3CVSS6.4AI score0.00024EPSS