CVE-2020-1897

Summary

A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00.

Affected Software

VendorProductVersion RangeStatus
Facebookproxygenunspecified < v2020.05.18.00affected
Facebookproxygenv2020.05.18.00 < unspecifiedunaffected

Weaknesses

  • Use-after-free (CWE-ID 416)

ADP Enrichment

CVE Program Container

Additional References

References