CVE-2019-11940 is a vulnerability in Facebook Proxygen
Published on December 4, 2019
In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2019-11940 has been classified as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2019-11940
Affected Versions
Facebook Proxygen:
- Version v2017.04.03.00 is affected.
- Version v0.29.0 and below unspecified is affected.
- Version unspecified and below v0.29.0 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.