CVE-2019-3560
First published: Mon Apr 29 2019(Updated: )
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.
Credit: cve-assign@fb.com cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Fizz | <2019.03.04.00 | |
| <2019.03.04.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3560?
CVE-2019-3560 is a vulnerability that involves an improper length calculation on a buffer in PlaintextRecordLayer, leading to an infinite loop and denial-of-service based on user input.
Which software versions are affected by CVE-2019-3560?
Versions of fizz prior to v2019.03.04.00 are affected by CVE-2019-3560.
What is the severity of CVE-2019-3560?
CVE-2019-3560 has a severity rating of high, with a CVSS score of 7.5.
How can I fix CVE-2019-3560?
To fix CVE-2019-3560, it is recommended to upgrade to version v2019.03.04.00 or higher of fizz.
Where can I find more information about CVE-2019-3560?
More information about CVE-2019-3560 can be found at the following references: [1] http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html [2] https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/facebook
- canonical/facebook fizz