VYPR

fizz

by Facebook

CVEs (3)

  • CVE-2023-23759May 18, 2023
    risk 0.00cvss epss 0.01

    There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process…

  • CVE-2019-11924Aug 20, 2019
    risk 0.00cvss epss 0.02

    A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.

  • CVE-2019-3560Apr 29, 2019
    risk 0.00cvss epss 0.02

    An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.