A peer could send empty handshake fragments containing only padding, which would be kept in memory until a full handshake was received. Because empty fragments contribute no handshake data, they can accumulate without ever completing a handshake, resulting in memory exhaustion. This issue affects fizz versions v2019.01.28.00 and above, until v2019.08.05.00.
[
{
"target": {
"file": "fizz/record/RecordLayer.cpp"
},
"id": "CVE-2019-11924-531567ac",
"deprecated": false,
"digest": {
"line_hashes": [
"23378063232812343510597121253053980188",
"337853026302685657175503940457782108744",
"171101015422274171732617162602322313710",
"79890458142866171684638284595330799795"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f",
"signature_version": "v1"
},
{
"target": {
"file": "fizz/record/EncryptedRecordLayer.cpp"
},
"id": "CVE-2019-11924-7c2b9f5e",
"deprecated": false,
"digest": {
"line_hashes": [
"151199489339986283029704048209539753837",
"35517397393718965047041959265537461280",
"73305149069419082673031163121807567056",
"299230504749009405587606604815449187191"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b",
"signature_version": "v1"
},
{
"target": {
"function": "ReadRecordLayer::readEvent",
"file": "fizz/record/RecordLayer.cpp"
},
"id": "CVE-2019-11924-9024b023",
"deprecated": false,
"digest": {
"length": 1319.0,
"function_hash": "20185177363206806993423567665697563818"
},
"signature_type": "Function",
"source": "https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f",
"signature_version": "v1"
},
{
"target": {
"function": "EncryptedReadRecordLayer::read",
"file": "fizz/record/EncryptedRecordLayer.cpp"
},
"id": "CVE-2019-11924-96f05d30",
"deprecated": false,
"digest": {
"length": 1101.0,
"function_hash": "49798349820604613252873878731339836408"
},
"signature_type": "Function",
"source": "https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b",
"signature_version": "v1"
},
{
"target": {
"file": "fizz/record/test/EncryptedRecordTest.cpp"
},
"id": "CVE-2019-11924-fc571ce2",
"deprecated": false,
"digest": {
"line_hashes": [
"189038259679934174011018336465141156290",
"210192097367134237374705695310999135650",
"61635371859289304071434880827358365662",
"225304188162875061993311240583984993124"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b",
"signature_version": "v1"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11924.json"