PT-2019-12558 · Facebook · Proxygen
Published 2019-07-25 · Updated 2019-08-02 · CVE-2019-11921
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Proxygen versions prior to v2019.07.22.00
Description
The issue is caused by improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers, allowing an out-of-bounds write via a specially crafted packet in certain configurations.
Recommendations
For versions prior to v2019.07.22.00, update to version v2019.07.22.00 or later to resolve the issue. As a temporary workaround, consider restricting access to malformed binary content in Structured HTTP Headers until a patch is applied.
Fix
Memory Corruption
Affected Products
Proxygen