{"id":"CVE-2020-1897","details":"A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00.","modified":"2026-07-08T19:01:42.485490Z","published":"2020-05-18T22:15:13Z","references":[{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2020-1897"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/proxygen","events":[{"introduced":"0"},{"fixed":"c767d0cb3e2ba6dd6e78a3b6e4c84e633183ced1"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2020.05.18.00"}],"cpe":"cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["v2020.05.11.00","v2020.05.04.00","v2020.04.27.00","v2020.04.20.00","v2020.04.13.00","v2020.04.06.00","v2020.03.30.00","v2020.03.23.00","v2020.03.16.00","v2020.03.09.00","v2020.03.02.00","v2020.02.24.00","v2020.02.17.00","v2020.02.10.00","v2020.02.03.00","v2020.01.27.00","v2020.01.20.00","v2020.01.13.00","v2020.01.06.00","v2019.12.30.00","v2019.12.23.00","v2019.12.16.00","v2019.12.09.00","v2019.12.06.00","v2019.12.02.00","v2019.11.11.00","v2019.11.04.00","v2019.10.28.00","v2019.10.21.00","v2019.10.14.00","v2019.10.07.00","v2019.09.30.00","v2019.09.23.00","v2019.09.16.00","v2019.09.09.00","v2019.09.02.00","v2019.08.26.00","v2019.08.19.00","v2019.08.12.00","v2019.08.05.00","v2019.07.29.00","v2019.07.22.00","v2019.07.15.00","v2019.07.08.00","v2019.07.01.00","v2019.06.24.00","v2019.06.17.00","v2019.06.10.00","v2019.06.03.00","v2019.05.27.00","v2019.05.20.00","v2019.05.13.00","v2019.05.06.00","v2019.04.29.00","v2019.04.22.00","v2019.04.15.00","v2019.04.08.00","v2019.04.01.00","v2019.03.25.00","v2019.03.18.00","v2019.03.04.00","v2019.02.25.00","v2019.02.18.00","v2019.02.11.00","v2019.02.04.00","v2019.01.28.00","v2019.01.21.00","v2019.01.14.00","v2019.01.07.00","v2018.12.31.00","v2018.12.24.00","v2018.12.17.00","v2018.12.10.00","v2018.12.03.00","v2018.11.26.00","v2018.11.19.00","v2018.11.12.00","v2018.11.05.00","v2018.10.29.00","v2018.10.22.00","v2018.10.15.00","v2018.10.08.00","v2018.10.01.00","v2018.09.24.00","v2018.09.17.00","v2018.09.10.00","v2018.09.03.00","v2018.08.27.00","v2018.08.20.00","v2018.08.13.00","v2018.08.06.00","v2018.07.30.00","v2018.07.23.00","v2018.07.16.00","v2018.07.09.00","v2018.07.02.00","v2018.06.25.00","v2018.06.18.00","v2018.06.11.00","v2018.06.04.00","v2018.05.28.00","v2018.05.21.00","v2018.05.14.00","v2018.05.07.00","v2018.04.30.00","v2018.04.23.00","v2018.04.16.00","v2018.04.09.00","v2018.04.02.00","v2018.03.26.00","v2018.03.19.00","v2018.03.12.00","v2018.03.05.00","v2018.02.26.00","v2018.02.19.00","v2018.02.12.00","v2018.02.05.00","v2018.01.29.00","v2018.01.22.00","v2018.01.15.00","v2018.01.08.00","v2018.01.01.00","v2017.12.25.00","v2017.12.18.00","v2017.12.11.00","v2017.12.04.00","v2017.11.27.00","v2017.11.20.00","v2017.11.13.00","v2017.11.06.00","v2017.10.30.00","v2017.10.23.00","v2017.10.16.00","v2017.10.09.00","v2017.10.02.00","v2017.09.25.00","v2017.09.18.00","v2017.09.11.00","v2017.09.04.00","v2017.08.28.00","v2017.08.21.00","v2017.08.14.00","v2017.08.07.00","v2017.07.31.00","v2017.07.24.00","v2017.07.17.00","v2017.07.10.00","v2017.07.03.00","v2017.06.26.00","v2017.06.19.00","v2017.06.12.00","v2017.06.05.00","v2017.05.29.00","v2017.05.22.00","v2017.05.15.00","v2017.05.08.00","v2017.05.01.00","v2017.04.24.00","v2017.04.17.00","v2017.04.10.00","v2017.04.03.00","v2017.03.27.00","v2017.03.20.00","v2017.03.13.00","v2017.03.06.00","v2017.01.30.00","v2017.01.23.00","v2017.01.16.00","v0.32.0","v0.30.0","v0.29.0","v0.28.0","v0.27.0","v0.26.0","v0.25.0","v0.24.0","v0.23.0","v0.22.0","v0.21.0","v0.20.0","v0.19.0","v0.18.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2020-1897-744f3529","digest":{"threshold":0.9,"line_hashes":["260309577380037808524050503661956257216","310779120184317473155163252352988692842","334887586225511844579621647945052586693","287197416808537369427080415751610110424","87358046795686446933263084514674363556","299698520978414443166738047773505764370","48223914865223563550238594681641598591","219540545983891074074648751176733424058","100605562379085606539644449385665590175"]},"source":"https://github.com/facebook/proxygen/commit/c767d0cb3e2ba6dd6e78a3b6e4c84e633183ced1","target":{"file":"proxygen/lib/statistics/PeriodicStats.h"}},{"deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2020-1897-fb777b17","digest":{"threshold":0.9,"line_hashes":["279743856511782735304263780271489266928","42694201820562791368475487029641644640","80606132694910883499825261907974250309","101749347532908064885373264952244679946","83138816353786517335493722693783911083","319110823684114000848758698946976437299","78251295627051125344240436521959342907","299587009123260816491790387741666892528","4972538655280143058100396960962305902","234616028782790277530810907865414042400","180802072548497113857679444020024226400","302034056639680546283966926442449636198","282668361496716879694791361464859718357","199676577855914254206978124266450004080","302221053907745389504816367326251155435","284010187217906881281878223892905589637","292662548977286071806204644864408105036","231506090302232212696354752533883828438","2365041004863427356658700116265639508","286874688645095293359659966171136650010","14445786425289224264177394910772828156","67280392397064812224904860287123797214","78415527854589203157270268488088455888","160409400841765061508715760242797437640","80607345132514112796432108286513647594","119463193017329705200811826192607557511","73249345608251172823149774639903115525","49441962479821337260125611493597572750"]},"source":"https://github.com/facebook/proxygen/commit/c767d0cb3e2ba6dd6e78a3b6e4c84e633183ced1","target":{"file":"proxygen/lib/statistics/ResourceData.h"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1897.json","vanir_signatures_modified":"2026-07-08T19:01:42Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}