Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for proxygen by proxygen_project
CVE-2018-6347 (GCVE-0-2018-6347)
Vulnerability from nvd – Published: 2018-12-31 22:00 – Updated: 2025-05-06 15:53
VLAI?
Summary
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.
Severity ?
7.5 (High)
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Date Public ?
2018-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:53:22.054940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T15:53:44.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Proxygen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "v2018.12.31.00"
},
{
"lessThanOrEqual": "v2018.12.31.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-19T00:00:00.000Z",
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-31T21:57:01.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-19",
"ID": "CVE-2018-6347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxygen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "v2018.12.31.00"
},
{
"version_affected": "\u003c=",
"version_value": "v2018.12.31.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711",
"refsource": "MISC",
"url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6347",
"datePublished": "2018-12-31T22:00:00.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2025-05-06T15:53:44.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6346 (GCVE-0-2018-6346)
Vulnerability from nvd – Published: 2018-12-31 22:00 – Updated: 2025-05-06 16:00
VLAI?
Summary
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.
Severity ?
7.5 (High)
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Date Public ?
2018-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:58:29.167187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T16:00:14.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Proxygen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "v2018.12.31.00"
},
{
"lessThan": "v2018.12.31.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-19T00:00:00.000Z",
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-31T21:57:01.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-19",
"ID": "CVE-2018-6346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxygen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "v2018.12.31.00"
},
{
"version_affected": "\u003c",
"version_value": "v2018.12.31.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982",
"refsource": "MISC",
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6346",
"datePublished": "2018-12-31T22:00:00.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2025-05-06T16:00:14.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7265 (GCVE-0-2015-7265)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.
Severity ?
No CVSS data available.
CWE
- mismanages state
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Facebook Proxygen before 2015-11-09 |
Affected:
Facebook Proxygen before 2015-11-09
|
Date Public ?
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Facebook Proxygen before 2015-11-09",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Facebook Proxygen before 2015-11-09"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mismanages state",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Facebook Proxygen before 2015-11-09",
"version": {
"version_data": [
{
"version_value": "Facebook Proxygen before 2015-11-09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mismanages state"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7265",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2015-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7264 (GCVE-0-2015-7264)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.
Severity ?
No CVSS data available.
CWE
- truncation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Facebook Proxygen before 2015-11-09 |
Affected:
Facebook Proxygen before 2015-11-09
|
Date Public ?
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Facebook Proxygen before 2015-11-09",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Facebook Proxygen before 2015-11-09"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "truncation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Facebook Proxygen before 2015-11-09",
"version": {
"version_data": [
{
"version_value": "Facebook Proxygen before 2015-11-09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "truncation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7264",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2015-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7263 (GCVE-0-2015-7263)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.
Severity ?
No CVSS data available.
CWE
- Unsafe URL encoding
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Facebook Proxygen before 2015-11-09 |
Affected:
Facebook Proxygen before 2015-11-09
|
Date Public ?
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Facebook Proxygen before 2015-11-09",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Facebook Proxygen before 2015-11-09"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsafe URL encoding",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Facebook Proxygen before 2015-11-09",
"version": {
"version_data": [
{
"version_value": "Facebook Proxygen before 2015-11-09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe URL encoding"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7263",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2015-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6347 (GCVE-0-2018-6347)
Vulnerability from cvelistv5 – Published: 2018-12-31 22:00 – Updated: 2025-05-06 15:53
VLAI?
Summary
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.
Severity ?
7.5 (High)
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Date Public ?
2018-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:53:22.054940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T15:53:44.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Proxygen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "v2018.12.31.00"
},
{
"lessThanOrEqual": "v2018.12.31.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-19T00:00:00.000Z",
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-31T21:57:01.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-19",
"ID": "CVE-2018-6347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxygen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "v2018.12.31.00"
},
{
"version_affected": "\u003c=",
"version_value": "v2018.12.31.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711",
"refsource": "MISC",
"url": "https://github.com/facebook/proxygen/commit/223e0aa6bc7590e86af1e917185a2e0efe160711"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6347",
"datePublished": "2018-12-31T22:00:00.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2025-05-06T15:53:44.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6346 (GCVE-0-2018-6346)
Vulnerability from cvelistv5 – Published: 2018-12-31 22:00 – Updated: 2025-05-06 16:00
VLAI?
Summary
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.
Severity ?
7.5 (High)
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Date Public ?
2018-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:58:29.167187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T16:00:14.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Proxygen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "v2018.12.31.00"
},
{
"lessThan": "v2018.12.31.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-19T00:00:00.000Z",
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-31T21:57:01.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-19",
"ID": "CVE-2018-6346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proxygen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "v2018.12.31.00"
},
{
"version_affected": "\u003c",
"version_value": "v2018.12.31.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982",
"refsource": "MISC",
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6346",
"datePublished": "2018-12-31T22:00:00.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2025-05-06T16:00:14.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7264 (GCVE-0-2015-7264)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.
Severity ?
No CVSS data available.
CWE
- truncation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Facebook Proxygen before 2015-11-09 |
Affected:
Facebook Proxygen before 2015-11-09
|
Date Public ?
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Facebook Proxygen before 2015-11-09",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Facebook Proxygen before 2015-11-09"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "truncation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Facebook Proxygen before 2015-11-09",
"version": {
"version_data": [
{
"version_value": "Facebook Proxygen before 2015-11-09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "truncation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7264",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2015-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7265 (GCVE-0-2015-7265)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.
Severity ?
No CVSS data available.
CWE
- mismanages state
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Facebook Proxygen before 2015-11-09 |
Affected:
Facebook Proxygen before 2015-11-09
|
Date Public ?
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Facebook Proxygen before 2015-11-09",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Facebook Proxygen before 2015-11-09"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mismanages state",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Facebook Proxygen before 2015-11-09",
"version": {
"version_data": [
{
"version_value": "Facebook Proxygen before 2015-11-09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mismanages state"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7265",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2015-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7263 (GCVE-0-2015-7263)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 07:43
VLAI?
Summary
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.
Severity ?
No CVSS data available.
CWE
- Unsafe URL encoding
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Facebook Proxygen before 2015-11-09 |
Affected:
Facebook Proxygen before 2015-11-09
|
Date Public ?
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Facebook Proxygen before 2015-11-09",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Facebook Proxygen before 2015-11-09"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsafe URL encoding",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/facebook-proxygen/K8wCXbW4ihs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Facebook Proxygen before 2015-11-09",
"version": {
"version_data": [
{
"version_value": "Facebook Proxygen before 2015-11-09"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe URL encoding"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/facebook-proxygen/K8wCXbW4ihs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7263",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2015-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}