Buffer Mismanagement in Facebook Fizz Product
CVE-2019-3560
7.5HIGH
What is CVE-2019-3560?
A vulnerability in the Facebook Fizz product arises from an improperly executed length calculation on a buffer within the PlaintextRecordLayer. This flaw can result in an infinite loop when untrusted user input is processed, leading to a denial-of-service condition. Versions prior to v2019.03.04.00 are particularly affected, highlighting the need for prompt updates to mitigate potential disruptions.
Affected Version(s)
fizz v2019.03.04.00
fizz < unspecified