Kyle Nekritz

4 exploits Active since Dec 2018
CVE-2018-6343 WRITEUP HIGH WRITEUP
Proxygen 2018.10.29.00-2018.11.19.00 - Denial of Service via Certificate/CertificateRequest HTTP2 Frame Parsing
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.
CVSS 7.5
CVE-2019-11934 WRITEUP CRITICAL WRITEUP
Folly <2019.11.04.00 - Memory Corruption
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
CVSS 9.8
CVE-2019-3560 WRITEUP HIGH WRITEUP
Facebook Fizz < 2019.03.04.00 - Denial of Service via PlaintextRecordLayer Buffer Length Calculation
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.
CVSS 7.5
CVE-2019-3563 WRITEUP CRITICAL WRITEUP
Wangle < 2019.04.22.00 - Buffer Over-read in LineBasedFrameDecoder
Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00
CVSS 9.8