CVE-2023-23759
First published: Thu May 18 2023(Updated: )
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Fizz | <2023.01.30.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-23759.
What is the severity of CVE-2023-23759?
The severity of CVE-2023-23759 is high with a severity value of 7.5.
Which software is affected by CVE-2023-23759?
The Fizz library prior to v2023.01.30.00 is affected by CVE-2023-23759.
How can CVE-2023-23759 be exploited?
CVE-2023-23759 can be exploited remotely by triggering a CHECK failure through a change in supported cipher advertisement.
Is there a fix available for CVE-2023-23759?
Yes, the fix for CVE-2023-23759 is available with the v2023.01.30.00 release of the Fizz library.
- collector/nvd-index
- agent/weakness
- vendor/facebook
- canonical/facebook fizz