CVE-2019-3560

Published: Apr 29, 2019

Modified: Feb 13, 2025

PUBLISHED

Description

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.

Vendor	Product	Versions
Facebook	fizz	affected `v2019.03.04.00` affected `unspecified - < v2019.03.04.00`

Weaknesses (CWE)

CWE-835

References

https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2

http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html

http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-3560

Description

Affected Products

Weaknesses (CWE)

References