CVE-2018-6343

HIGH 7.5 / 10.0
Published: December 31, 2018 at 10:29 PM
Modified: May 6, 2025 at 04:15 PM
Source: cve-assign@fb.com

Vulnerability Description

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

CVSS Metrics

Base Score: 7.5
Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

Source: cve-assign@fb.com
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Proxygen, a Facebook-developed HTTP and TLS library, is vulnerable to a denial-of-service (DoS) attack. By sending a crafted HTTP/2 frame over a TLS 1.3 connection, an attacker can trigger a crash due to a null pointer dereference, rendering the service unavailable. This vulnerability impacts versions released between late October and mid-November 2018.

02 // Vulnerability Mechanism

Step 1: Connection Establishment: The attacker establishes a TLS 1.3 connection with a server using Proxygen.

Step 2: Frame Injection: The attacker crafts a malicious Certificate/CertificateRequest HTTP/2 frame.

Step 3: Frame Transmission: The attacker sends the crafted frame to the server.

Step 4: Vulnerability Trigger: The Proxygen library attempts to process the frame.

Step 5: Null Dereference: The code attempts to use a secondary authentication manager without validating its existence, leading to a null pointer dereference.

Step 6: Denial of Service: The null pointer dereference causes the server process to crash, resulting in a denial of service.

03 // Deep Technical Analysis

The vulnerability lies within Proxygen's handling of secondary authentication managers during the parsing of Certificate/CertificateRequest HTTP/2 frames over a TLS 1.3 connection. Specifically, the code fails to validate if a secondary authentication manager is initialized before attempting to dereference it. This leads to a null pointer dereference when processing the frame, causing the program to crash. The root cause is a missing null check before accessing the secondary authentication manager's methods. This is a classic example of a logic error leading to a crash and subsequent DoS condition.
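
The missing check described above, sketched as an added example; this is not Proxygen's code. `Session`, `SecondaryAuthManager`, `FrameType` and `Result` are hypothetical stand-ins, and dropping the frame when no manager is set is an assumed policy, not the project's actual fix.

```cpp
#include <cstdint>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// All names below are hypothetical stand-ins, not Proxygen's real classes.
enum class FrameType { Certificate, CertificateRequest };
enum class Result { Handled, IgnoredNoAuthManager };

struct SecondaryAuthManager {
  std::vector<std::string> seen;  // records which frames were processed
  void onCertificateRequest(const std::vector<uint8_t>& p) {
    seen.push_back("request:" + std::to_string(p.size()));
  }
  void onCertificate(const std::vector<uint8_t>& p) {
    seen.push_back("certificate:" + std::to_string(p.size()));
  }
};

class Session {
 public:
  // The manager is optional: a session may be built without one.
  explicit Session(std::unique_ptr<SecondaryAuthManager> m = nullptr)
      : authManager_(std::move(m)) {}

  Result onAuthFrame(FrameType type, const std::vector<uint8_t>& payload) {
    // Vulnerable shape: calling authManager_->... here unconditionally.
    // The peer decides whether this frame arrives, so the pointer has to be
    // validated on every call rather than assumed from configuration.
    if (!authManager_) {
      return Result::IgnoredNoAuthManager;  // drop the frame, keep serving
    }
    switch (type) {
      case FrameType::CertificateRequest:
        authManager_->onCertificateRequest(payload);
        break;
      case FrameType::Certificate:
        authManager_->onCertificate(payload);
        break;
    }
    return Result::Handled;
  }
  const SecondaryAuthManager* manager() const { return authManager_.get(); }

 private:
  std::unique_ptr<SecondaryAuthManager> authManager_;
};
```
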
