Facebook Proxygen

9 CVEs affecting Facebook Proxygen. Latest disclosed: 2025-12-02. Critical: 3, High: 5.

Top CVEs affecting Facebook Proxygen
CVESeverityScorePublishedSummary
CVE-2020-1897Critical9.82020-05-18A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific…
CVE-2019-11940Critical9.82019-12-04In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corr…
CVE-2019-11921Critical9.82019-07-25An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malform…
CVE-2023-44487High7.52023-10-10The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w…
CVE-2021-24029High7.52021-03-15A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC sp…
CVE-2018-6347High7.52018-12-31An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.
CVE-2018-6346High7.52018-12-31A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen pri…
CVE-2018-6343High7.52018-12-31Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/Ce…
CVE-2025-55181Medium5.32025-12-02Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing ev…