Facebook Fizz
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Facebook Fizz.
By the Year
In 2025 there have been 0 vulnerabilities in Facebook Fizz. Fizz did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 7.50 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Fizz vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Facebook Fizz Security Vulnerabilities
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely
CVE-2023-23759
7.5 - High
- May 18, 2023
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).
assertion failure
A peer could send empty handshake fragments containing only padding
CVE-2019-11924
7.5 - High
- August 20, 2019
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
Allocation of Resources Without Limits or Throttling
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input
CVE-2019-3560
7.5 - High
- April 29, 2019
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.
Incorrect Calculation of Buffer Size
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Facebook Fizz or by Facebook? Click the Watch button to subscribe.
