{"id":"CVE-2019-11940","details":"In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.","modified":"2026-04-11T08:05:32.230643Z","published":"2019-12-04T17:16:43.773Z","references":[{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2019-11940"},{"type":"FIX","url":"https://github.com/facebook/proxygen/commit/f43b134cc5c19d8532e7fb670a1c02e85f7a8d4f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/proxygen","events":[{"introduced":"ad1f5dc3c90d6215e322360d77bbd920f846d27b"},{"last_affected":"ce3fed75c6336befb65a3ccda22ab2157ec03d21"},{"fixed":"f43b134cc5c19d8532e7fb670a1c02e85f7a8d4f"}],"database_specific":{"versions":[{"introduced":"0.29.0"},{"last_affected":"2017.04.03.00"}]}}],"versions":["v0.29.0","v0.30.0","v0.32.0","v2017.01.16.00","v2017.01.23.00","v2017.01.30.00","v2017.03.06.00","v2017.03.13.00","v2017.03.20.00","v2017.03.27.00","v2017.04.03.00"],"database_specific":{"vanir_signatures_modified":"2026-04-11T08:05:32Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11940.json","vanir_signatures":[{"deprecated":false,"target":{"function":"TEST_F","file":"proxygen/lib/http/codec/compress/test/HeaderTableTests.cpp"},"signature_version":"v1","source":"https://github.com/facebook/proxygen/commit/f43b134cc5c19d8532e7fb670a1c02e85f7a8d4f","id":"CVE-2019-11940-2ddc95bb","signature_type":"Function","digest":{"length":346,"function_hash":"21166485523548710051446224941708954679"}},{"deprecated":false,"target":{"function":"HeaderTable::setCapacity","file":"proxygen/lib/http/codec/compress/HeaderTable.cpp"},"signature_version":"v1","source":"https://github.com/facebook/proxygen/commit/f43b134cc5c19d8532e7fb670a1c02e85f7a8d4f","id":"CVE-2019-11940-40fc9835","signature_type":"Function","digest":{"length":648,"function_hash":"25486112264607848014138733967360462091"}},{"deprecated":false,"target":{"file":"proxygen/lib/http/codec/compress/HeaderTable.cpp"},"signature_version":"v1","source":"https://github.com/facebook/proxygen/commit/f43b134cc5c19d8532e7fb670a1c02e85f7a8d4f","id":"CVE-2019-11940-9f132c56","signature_type":"Line","digest":{"line_hashes":["336560484748564292367235360124600627475","194012771022906866654595091907762216066","319063308610103975639231838176371475086","47637350694475059968459539003168866672","43242072634008767034200844269448053031","311882678757473976651453688201920299385","236857004845871867870014788386766523366","64503926374602396102436628111001947453","124109443435058216870680709077665140745","52061995476752509109891575878439199120","299249286436121815051166887417592582646","277581897779600535075354122557290331276","334152331315935516402785397710284283589","190803557455902510098399633803643093264","182142028638340357898326674853170309840","312762299055548932732662490174368497676","176995283909458610877271893543871218167","158308923287701722688802042593465749672","160052967855522841106439517952431877168","272951543047724948916863401728721185573","29462428018723721956168612816697304807","151990742365042294460776048106558740233","75407180318704451699303769443305508093"],"threshold":0.9}},{"deprecated":false,"target":{"file":"proxygen/lib/http/codec/compress/test/HeaderTableTests.cpp"},"signature_version":"v1","source":"https://github.com/facebook/proxygen/commit/f43b134cc5c19d8532e7fb670a1c02e85f7a8d4f","id":"CVE-2019-11940-f944feae","signature_type":"Line","digest":{"line_hashes":["317316444821647221601752569330905983995","126247991294599374789656917152494322434","103847973455558538065419659606559889123","138776251203649851595885584487224225762","293352389044534755756806541305421461114","271131021873889377160005489723689109485","128145668089555987622109629251392108897","274644670122308427999199587483171655667","283086251321536236102059658596525427450","108090834276371216710205156512230415329","44865561126338705522649296006553487050","138748585378520695538421306063267146516"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}