Denial of Service Vulnerability in Proxygen by Facebook
CVE-2018-6343

7.5 HIGH

Key Information:

Vendor: Facebook

Status
Vendor
CVE Published: 31 December 2018

What is CVE-2018-6343?

Proxygen, a library developed by Facebook, has a vulnerability that arises from its failure to validate the existence of a secondary authentication manager before attempting to reference it. This oversight can lead to a denial of service during the parsing of Certificate and CertificateRequest HTTP2 Frames over TLS 1.3 transport. The issue has affected Proxygen releases from version v2018.10.29.00 up until the resolution provided in version v2018.11.19.00. Users should ensure they are running the patched version to avoid potential service disruptions.

Affected Version(s)

Proxygen v2018.11.19.00

Proxygen v2018.10.29.00

Proxygen < unspecified

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
