Memory Exhaustion Vulnerability in Facebook Fizz Product
CVE-2019-11924
7.5HIGH
What is CVE-2019-11924?
A vulnerability in Facebook's Fizz product allows a peer to send empty handshake fragments that contain only padding. This issue can lead to memory exhaustion as these fragments remain in memory until a complete handshake is received. Affected versions include Fizz from v2019.01.28.00 until v2019.08.05.00, posing a risk for applications using this library.
Affected Version(s)
fizz v2019.08.12.00
fizz v2019.01.28.00