CVE-2019-11924

Summary

A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.

Affected Software

VendorProductVersion RangeStatus
Facebookfizzv2019.08.12.00affected
Facebookfizzv2019.01.28.00 < unspecifiedaffected

Weaknesses

  • Uncontrolled Resource Consumption (CWE-ID 400)

ADP Enrichment

CVE Program Container

Additional References

References