Users of the open-source project should upgrade immediately.
A critical denial-of-service (DoS) vulnerability in Facebook’s open-source implementation of the transport layer security (TLS) 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it.
Kevin Backhouse, a researcher at Semmle, discovered the bug (CVE-2019-3560) in the project, which is called Facebook Fizz. Fizz is used on most of Facebook’s own infrastructure to facilitate secure communications with web services using TLS 1.3 (i.e., https instead of http), but it was also made public last August for use by other organizations.