CNNVD-202507-1688 Information
Jul 11, 2025
cve
CNNVD ID
CNNVD-202507-1688
Related CVE
- CNNVD Published: 2025-07-11
Description (Chinese)
mvfst是Meta开源的一个IETF QUIC协议的客户端和服务器端实现。 mvfst v2025.07.07.00之前版本存在安全漏洞,该漏洞源于QUIC会话中特制消息可能导致堆缓冲区溢出。
Description (English)
mvfst is a client and server for an IETF QUIC protocol from Meta Open Source. The pre-mvfst v2025.07.07.00 version has a security loophole, which stems from QUIC messages that could result in a spill over the buffer zone.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Meta Platforms
Published
2025-07-11
Last Modified
2026-02-24
References
https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0 https://www.facebook.com/security/advisories/cve-2025-30403
Patch
https://github.com/facebook/mvfst
Share on: