CVE-2019-11924
- Source
- https://cve.org/CVERecord?id=CVE-2019-11924
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11924.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11924
- Published
- 2019-08-20T20:15:11.290Z
- Modified
- 2026-04-11T08:05:33.881770Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
- References
Affected packages
Git / github.com/facebookincubator/fizz
Affected versions
v2019.*
v2019.01.28.00
v2019.02.04.00
v2019.02.11.00
v2019.02.18.00
v2019.02.25.00
v2019.03.04.00
v2019.03.18.00
v2019.03.25.00
v2019.04.01.00
v2019.04.08.00
v2019.04.15.00
v2019.04.22.00
v2019.04.29.00
v2019.05.06.00
v2019.05.13.00
v2019.05.20.00
v2019.05.27.00
v2019.06.03.00
v2019.06.10.00
v2019.06.17.00
v2019.06.24.00
v2019.07.01.00
v2019.07.08.00
v2019.07.15.00
v2019.07.22.00
v2019.07.29.00
v2019.08.05.00
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11924.json"
vanir_signatures_modified
"2026-04-11T08:05:33Z"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"23378063232812343510597121253053980188",
"337853026302685657175503940457782108744",
"171101015422274171732617162602322313710",
"79890458142866171684638284595330799795"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-11924-531567ac",
"signature_version": "v1",
"source": "https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f",
"target": {
"file": "fizz/record/RecordLayer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"151199489339986283029704048209539753837",
"35517397393718965047041959265537461280",
"73305149069419082673031163121807567056",
"299230504749009405587606604815449187191"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-11924-7c2b9f5e",
"signature_version": "v1",
"source": "https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b",
"target": {
"file": "fizz/record/EncryptedRecordLayer.cpp"
}
},
{
"digest": {
"length": 1319.0,
"function_hash": "20185177363206806993423567665697563818"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-11924-9024b023",
"signature_version": "v1",
"source": "https://github.com/facebookincubator/fizz/commit/3eaddb33619eaaf74a760872850c550ad8f5c52f",
"target": {
"function": "ReadRecordLayer::readEvent",
"file": "fizz/record/RecordLayer.cpp"
}
},
{
"digest": {
"length": 1101.0,
"function_hash": "49798349820604613252873878731339836408"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2019-11924-96f05d30",
"signature_version": "v1",
"source": "https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b",
"target": {
"function": "EncryptedReadRecordLayer::read",
"file": "fizz/record/EncryptedRecordLayer.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"189038259679934174011018336465141156290",
"210192097367134237374705695310999135650",
"61635371859289304071434880827358365662",
"225304188162875061993311240583984993124"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2019-11924-fc571ce2",
"signature_version": "v1",
"source": "https://github.com/facebookincubator/fizz/commit/6bf67137ef1ee5cd70c842b014c322b7deaf994b",
"target": {
"file": "fizz/record/test/EncryptedRecordTest.cpp"
}
}
]