PT-2019-12558 · Facebook · Proxygen
Publicado
2019-07-25
·
Atualizado
2019-08-02
·
CVE-2019-11921
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Proxygen versions prior to v2019.07.22.00
Description
The issue is caused by improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers, allowing an out of bounds write via a specially crafted packet in certain configurations.
Recommendations
For versions prior to v2019.07.22.00, update to version v2019.07.22.00 or later to resolve the issue. As a temporary workaround, consider restricting access to malformed binary content in Structured HTTP Headers until a patch is applied.
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Proxygen