CVE-2019-11924
First published: Tue Aug 20 2019(Updated: )
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Fizz | >=2019.01.28.00<=2019.08.05.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11924?
The severity of CVE-2019-11924 is high with a score of 7.5.
How does CVE-2019-11924 affect Facebook Fizz?
CVE-2019-11924 affects versions v2019.01.28.00 and above of Facebook Fizz until v2019.08.05.00.
What is the impact of CVE-2019-11924?
CVE-2019-11924 can result in memory exhaustion due to empty handshake fragments containing only padding.
How can I fix CVE-2019-11924?
To fix CVE-2019-11924, update Facebook Fizz to version v2019.08.05.00 or above.
Where can I find more information about CVE-2019-11924?
More information about CVE-2019-11924 can be found in the Facebook Fizz security advisory.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/facebook
- canonical/facebook fizz
- version/facebook fizz/2019.01.28.00
- version/facebook fizz/2019.08.05.00