PT-2021-15653 · Mvfst+1 · Mvfst+1

Published

2021-03-15

Updated

2021-03-23

CVE-2021-24029

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 proxygen versions prior to v2021.03.15.00

Description: A packet of death scenario is possible via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error.

Recommendations: For mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0, update to a version that includes commit a67083ff4b8dcbb7ee2839da6338032030d712b0 or later. For proxygen versions prior to v2021.03.15.00, update to v2021.03.15.00 or later.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

CVE-2021-24029

Affected Products

Mvfst

Proxygen

PT-2021-15653 · Mvfst+1 · Mvfst+1

CVE-2021-24029

Weakness Enumeration

Related Identifiers

Affected Products

References · 7