CVE-2023-23759

Name of the Vulnerable Software and Affected Versions fizz library versions prior to v2023.01.30.00

Description The issue is related to a CHECK failure that can be triggered remotely in the fizz library. This behavior occurs when the client-supported cipher advertisement changes between the original ClientHello and the second ClientHello, resulting in a process crash. The impact is limited to denial of service.

Recommendations For versions prior to v2023.01.30.00, update to version v2023.01.30.00 or later to resolve the issue. As a temporary workaround, consider restricting changes to the client-supported cipher advertisement between the original and second ClientHello to minimize the risk of exploitation.