MidnightBSD

Advisories for proxygen_project

CVE-2015-7263 MEDIUM

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
proxygen_project proxygen *
CVE-2015-7264 HIGH

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
proxygen_project proxygen *
CVE-2015-7265 MEDIUM

Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
proxygen_project proxygen *
CVE-2018-6346 MEDIUM

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-388,

Products Affected

Vendor Product Version
proxygen_project proxygen *
CVE-2018-6347 MEDIUM

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
proxygen_project proxygen *