Padding-based Memory Exhaustion Vulnerability in Fizz

Padding-based Memory Exhaustion Vulnerability in Fizz

CVE-2019-11924 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.

Learn more about our Web Application Penetration Testing UK.