CVE-2023-23759

HIGH 7.5

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).

Vendor	facebook
Product	fizz
Published	May 18, 2023
Last Updated	Jan 21, 2025

Stay Ahead of the Next One

Get instant alerts for facebook fizz

Be the first to know when new high vulnerabilities affecting facebook fizz are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Facebook / fizz

v0.0.0.0 < v2023.01.30.00

References

NVD ↗ CVE.org ↗ EPSS Data ↗

facebook.com: https://www.facebook.com/security/advisories/cve-2023-23759 github.com: https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265