Vulnerabilities > Facebook > Proxygen
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2021-03-15 | CVE-2021-24029 | Reachable Assertion vulnerability in Facebook Proxygen A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. | 7.5 |
| 2020-05-18 | CVE-2020-1897 | Use After Free vulnerability in Facebook Proxygen A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. | 9.8 |
| 2019-12-04 | CVE-2019-11940 | Use After Free vulnerability in Facebook Proxygen In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. | 9.8 |
| 2019-07-25 | CVE-2019-11921 | Out-of-bounds Write vulnerability in Facebook Proxygen An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. | 9.8 |
| 2018-12-31 | CVE-2018-6343 | Improper Input Validation vulnerability in Facebook Proxygen 2018.10.29.00/2018.11.05.00/2018.11.12.00 Proxygen fails to validate that a secondary auth manager is set before dereferencing it. | 7.5 |