What is CVE-2021-24029?

CVE-2021-24029 is a vulnerability that allows for a packet of death scenario in mvfst, leading to a crash via a failed assertion during a QUIC session.

What is the severity of CVE-2021-24029?

The severity of CVE-2021-24029 is high, with a severity value of 7.5.

How does CVE-2021-24029 affect mvfst?

CVE-2021-24029 affects mvfst versions prior to commit a67083ff4b8dc. It allows for a packet of death scenario, causing a crash via a failed assertion during a QUIC session.

How does CVE-2021-24029 affect Microsoft Windows Server 2022?

CVE-2021-24029 affects Microsoft Windows Server 2022 with proxygen versions prior to 2021.03.15.00. It allows for a packet of death scenario, causing a crash via a failed assertion during a QUIC session.

How can I fix CVE-2021-24029?

To fix CVE-2021-24029, upgrade to mvfst commit a67083ff4b8dc or later for mvfst, and upgrade to proxygen version 2021.03.15.00 or later for Microsoft Windows Server 2022.

Vulnerability/
CVE-2021-24029

high

7.5

CWE

617

15/3/2021

23/3/2021

CVE-2021-24029

First published: Mon Mar 15 2021(Updated: )

A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00.

Credit: cve-assign@fb.com

Affected Software	Affected Version	How to fix
Facebook Mvfst	<2021-03-13
Facebook Proxygen	<2021.03.15.00

Remedy

https://github.com/facebookincubator/mvfst/commit/a67083ff4b8dcbb7ee2839da6338032030d712b0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-24029?
CVE-2021-24029 is a vulnerability that allows for a packet of death scenario in mvfst, leading to a crash via a failed assertion during a QUIC session.
What is the severity of CVE-2021-24029?
The severity of CVE-2021-24029 is high, with a severity value of 7.5.
How does CVE-2021-24029 affect mvfst?
CVE-2021-24029 affects mvfst versions prior to commit a67083ff4b8dc. It allows for a packet of death scenario, causing a crash via a failed assertion during a QUIC session.
How does CVE-2021-24029 affect Microsoft Windows Server 2022?
CVE-2021-24029 affects Microsoft Windows Server 2022 with proxygen versions prior to 2021.03.15.00. It allows for a packet of death scenario, causing a crash via a failed assertion during a QUIC session.
How can I fix CVE-2021-24029?
To fix CVE-2021-24029, upgrade to mvfst commit a67083ff4b8dc or later for mvfst, and upgrade to proxygen version 2021.03.15.00 or later for Microsoft Windows Server 2022.

agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/facebook
canonical/facebook mvfst
canonical/facebook proxygen

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.