N/A

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

N/A

空指针解引用

Facebook Proxygen 安全漏洞

Facebook Proxygen是美国Facebook公司的一套开源的C++HTTP类库。 Facebook Proxygen 2018.10.29.00版本至2018.11.19.00版本（不含）中存在安全漏洞，该漏洞源于在逆向引用secondary auth manager之前，程序未能检验是否设置了secondary auth manager。攻击者可利用该漏洞造成拒绝服务。

N/A

N/A