Published: 29/04/2019 Updated: 16/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.

Vulnerable Product

facebook fizz

Github Repositories

A collection of SSL/TLS security related resources.

GitHub Security Lab. This is the main git repository of GitHub Security Lab. We use it for these main purposes: We use issues on this repo to track CodeQL bounty requests. We use it for publishing some of our proof-of-concept exploits (after the vulnerability has been fixed). These PoCs can be found in the SecurityExploits sub-directory. Examples of CodeQL queries, which can be

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs.

Recent Articles

Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
Threatpost • Tara Seals • 22 Mar 2019

A critical denial-of-service (DoS) vulnerability in Facebook’s open-source implementation of the transport layer security (TLS) 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it.
Kevin Backhouse, a researcher at Semmle, discovered the bug in the project (CVE-2019-3560), which is called Facebook Fizz. Fizz is used on most of Facebook’s own infrastructure to facilitate secure communications with web services using TLS 1.3 (i.e., https instead...