CVE-2018-6343

EPSS 0.27%
Veröffentlicht 31.12.2018 22:29:00
Zuletzt bearbeitet 06.05.2025 16:15:22
Quelle cve-assign@fb.com
Teams Watchlist Login
Unerledigt Login

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Facebook ≫ Proxygen Version >= 2018.10.29.00 < 2018.11.19.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.475

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-6343

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6343

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6343

EUVD