← back
CVE-2023-23759

CVE-2023-23759

CVSS 7.5 HIGHEPSS 0.7%CWE-617
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.7%KEV nãoPoC Patch
Lifecycle
18 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Facebook · fizz

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265https://www.facebook.com/security/advisories/cve-2023-23759