2017.03.13.00

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2021-03-15	CVE-2021-24029	Reachable Assertion vulnerability in Facebook Mvfst and Proxygen A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. network low complexity facebook CWE-617	5.0
2020-05-18	CVE-2020-1897	Use After Free vulnerability in Facebook Proxygen A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. network low complexity facebook CWE-416	7.5
2019-12-04	CVE-2019-11940	Use After Free vulnerability in Facebook Proxygen In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. network low complexity facebook CWE-416	7.5
2019-07-25	CVE-2019-11921	Out-of-bounds Write vulnerability in Facebook Proxygen An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. network low complexity facebook CWE-787	7.5