CVE-2019-3563

CRITICAL

Facebook Wangle < 2019.04.22.00 - Out-of-Bounds Write

Title source: rule

Description

Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00

References (1)

[Patch, Third Party Advisory] https://github.com/facebook/wangle/commit/5b3bceca875e4ea4ed9d14c20b20ce46c92c13c6

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0043

EPSS Percentile 62.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-126 CWE-787

Status published

Affected Products (1)

facebook/wangle < 2019.04.22.00

Timeline

Published Apr 29, 2019

Tracked Since Feb 18, 2026