Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2019-11924

Published: 20/08/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Facebook

Vulnerability Summary

A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

facebook fizz

Github Repositories

https://github.com/lennysec/awesome-tls-hacks

A collection of SSL/TLS security related resources.

Awesome SSL/TLS Hacks Contents Awesome SSL/TLS Hacks Contents SSL/TLS Protocol History SSL/TLS Hacks Cryptographic Issues CBC Issues RC4 Issues Compression Issues RSA Issues Implementation Issues Some Open Source Implementations of SSL/TLS OpenSSL Version History Vulnerabilities Fizz Vulnerabilities OpenSSL Vulnerabilities Tools Fuzzing Programing Scanning Others

https://github.com/paulveillard/cybersecurity-tls-security

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about SSL / TLS

Transport Layer Security (TLS): Theory, Techniques, and Tools An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about TLS in Cybersecurity Thanks to all contributors, you're awesome and wou

https://github.com/lenny233/awesome-tls-hacks

A collection of SSL/TLS security related resources.

Awesome SSL/TLS Hacks Contents Awesome SSL/TLS Hacks Contents SSL/TLS Protocol History SSL/TLS Hacks Cryptographic Issues CBC Issues RC4 Issues Compression Issues RSA Issues Implementation Issues Some Open Source Implementations of SSL/TLS OpenSSL Version History Vulnerabilities Fizz Vulnerabilities OpenSSL Vulnerabilities Tools Fuzzing Programing Scanning Others

References

CWE-770https://www.facebook.com/security/advisories/cve-2019-11924https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52fhttps://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994bhttps://nvd.nist.govhttps://github.com/lennysec/awesome-tls-hacks
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook