CVE-2019-11921

An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00.

Published: Jul 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11921
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
facebook / proxygen	-	2019.07.22.00

https://github.com/facebook/proxygen/commit/2f07985bef9fbae124cc63e5c0272e32da4fdaec
https://www.facebook.com/security/advisories/cve-2019-11921

Vulnerability Database

289,598

CVE-2019-11921