{"id":"CVE-2018-6343","details":"Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.","modified":"2026-04-11T11:39:53.782617Z","published":"2018-12-31T22:29:00.527Z","references":[{"type":"FIX","url":"https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/proxygen","events":[{"introduced":"8d1fbe4c21c29c1b5401f553f2d6f1a9aa2749c7"},{"fixed":"b87730ff5e019bd1280f91456a60b93dcc64a7c4"},{"fixed":"0600ebe59c3e82cd012def77ca9ca1918da74a71"}],"database_specific":{"versions":[{"introduced":"2018.10.29.00"},{"fixed":"2018.11.19.00"}]}}],"versions":["v2018.10.29.00","v2018.11.05.00","v2018.11.12.00"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6343.json","vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["290367225625073252889140435475562056673","55569372103093655550470896619344892862","92818554587012321589991386624591299675","284747037404658890023681855717310687091","232889123310441046118340394852831348140","284293793174196680335568207559294735768"],"threshold":0.9},"signature_version":"v1","deprecated":false,"target":{"file":"proxygen/lib/http/session/HTTPSession.cpp"},"id":"CVE-2018-6343-13cec75b","source":"https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71"},{"signature_type":"Function","digest":{"function_hash":"303475124661473562446079657298598978694","length":893},"signature_version":"v1","deprecated":false,"target":{"file":"proxygen/lib/http/session/HTTPSession.cpp","function":"HTTPSession::onCertificate"},"id":"CVE-2018-6343-259996d0","source":"https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71"},{"signature_type":"Function","digest":{"function_hash":"263037823505901176985649406379346119889","length":927},"signature_version":"v1","deprecated":false,"target":{"file":"proxygen/lib/http/session/HTTPSession.cpp","function":"HTTPSession::onCertificateRequest"},"id":"CVE-2018-6343-78447648","source":"https://github.com/facebook/proxygen/commit/0600ebe59c3e82cd012def77ca9ca1918da74a71"}],"vanir_signatures_modified":"2026-04-11T11:39:53Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}