Skip to content

Facebook Fizz (CVE-2019-3560)

Choose a tag to compare

View all tags
@jkcso jkcso released this 29 Nov 18:36
· 83 commits to main since this release
facebook-codeql-database
cbc3e4d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This CodeQL database captures a vulnerable snapshot of the Facebook Fizz integer overflow vulnerability (CVE-2019-3560). Fizz contained a remotely triggerable infinite loop. For more details about the bug, see this blog post. A proof-of-concept exploit is available here.

Assets 3
Loading