CVE-2018-6343

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Proxygen versions v2018.10.29.00 through v2018.11.19.00

Description The issue is related to the failure of Proxygen to validate that a secondary auth manager is set before dereferencing it, which can cause a denial of service issue. This occurs when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport.

Recommendations For Proxygen versions v2018.10.29.00 through v2018.11.19.00, update to a version newer than v2018.11.19.00 to resolve the issue.

Fix

DoS

NULL Pointer Dereference

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-20

Related Identifiers

CVE-2018-6343

Affected Products

Proxygen

CVE-2018-6343

Weakness Enumeration

Related Identifiers

Affected Products

References · 4