PT-2019-12574 · Facebook · Proxygen
Published
2019-12-04
·
Updated
2019-12-17
·
CVE-2019-11940
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Proxygen versions 0.29.0 through 2017.04.03.00
Description
The issue arises during the decompression of HPACK within the HTTP2 protocol. An unexpected sequence of header table resize operations can corrupt the header table state, resulting in a use-after-free condition and undefined behavior.
Recommendations
For Proxygen versions 0.29.0 through 2017.04.03.00, update to a version later than 2017.04.03.00 to resolve the issue.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proxygen