Improper Alert Handling in Folly by Facebook
CVE-2019-11934

9.8CRITICAL

Key Information:

Vendor: Facebook
Status: Folly
Vendor: CVE Published:; 4 December 2019

What is CVE-2019-11934?

The vulnerability in Facebook's Folly library arises from improper handling of close_notify alerts, leading to a potential out-of-bounds read in AsyncSSLSocket. This issue affects all versions of Folly prior to v2019.11.04.00, posing a security risk that must be addressed by upgrading to the patched version to ensure continued integrity and security in applications using this library.

Affected Version(s)

folly v2019.11.04.00

folly < unspecified

References

https://github.com/facebook/folly/commit/c321eb588909646c...

x_refsource_MISC

https://www.facebook.com/security/advisories/cve-2019-11934

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2019
Vulnerability Reserved
May 13, 2019