CVE-2018-6343

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-6343

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6343.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6343

Published

2018-12-31T22:29:00.527Z

Modified

2026-04-11T11:39:53.782617Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

References

https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71

Affected packages

Git / github.com/facebook/proxygen

Affected ranges

Type

GIT

Repo

https://github.com/facebook/proxygen

Events

Introduced

8d1fbe4c21c29c1b5401f553f2d6f1a9aa2749c7

Fixed

b87730ff5e019bd1280f91456a60b93dcc64a7c4

Fixed

0600ebe59c3e82cd012def77ca9ca1918da74a71

Database specific

{
    "versions": [
        {
            "introduced": "2018.10.29.00"
        },
        {
            "fixed": "2018.11.19.00"
        }
    ]
}

Affected versions

v2018.*

v2018.10.29.00

v2018.11.05.00

v2018.11.12.00

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6343.json"

vanir_signatures_modified

"2026-04-11T11:39:53Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "290367225625073252889140435475562056673",
                "55569372103093655550470896619344892862",
                "92818554587012321589991386624591299675",
                "284747037404658890023681855717310687091",
                "232889123310441046118340394852831348140",
                "284293793174196680335568207559294735768"
            ]
        },
        "source": "https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71",
        "id": "CVE-2018-6343-13cec75b",
        "signature_type": "Line",
        "target": {
            "file": "proxygen/lib/http/session/HTTPSession.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 893.0,
            "function_hash": "303475124661473562446079657298598978694"
        },
        "source": "https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71",
        "id": "CVE-2018-6343-259996d0",
        "signature_type": "Function",
        "target": {
            "function": "HTTPSession::onCertificate",
            "file": "proxygen/lib/http/session/HTTPSession.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 927.0,
            "function_hash": "263037823505901176985649406379346119889"
        },
        "source": "https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71",
        "id": "CVE-2018-6343-78447648",
        "signature_type": "Function",
        "target": {
            "function": "HTTPSession::onCertificateRequest",
            "file": "proxygen/lib/http/session/HTTPSession.cpp"
        }
    }
]