GCVE - cpe:2.3:a:facebook:mvfst:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:mvfst:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Facebook (`c319c35a-3469-5baa-b3bd-8582d1206a92`)
Product	Mvfst (`89530d68-c8fa-58ac-82f4-69713bf2e771`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/facebookincubator/mvfst`	purl2cpe	2026-06-01 10:11:42.926358

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-30403`	vulnerable	2026-06-03 15:00:28.239115	Details available A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00. Published: 2025-07-11T18:26:51.212Z Updated: 2025-07-11T19:23:37.185Z Open on db.gcve.eu Reference links https://www.facebook.com/security/advisories/cve-2025-30403 https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24029`	vulnerable	2026-06-03 14:43:55.985753	Details available A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. Published: 2021-03-15T21:15:16.000Z Updated: 2024-08-03T19:21:17.115Z Open on db.gcve.eu Reference links https://github.com/facebookincubator/mvfst/commit/a67083ff4b8dcbb7ee2839da6338032030d712b0 https://www.facebook.com/security/advisories/cve-2021-24029	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24029`	not_vulnerable	2026-06-03 14:43:55.985194	Details available A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. Published: 2021-03-15T21:15:16.000Z Updated: 2024-08-03T19:21:17.115Z Open on db.gcve.eu Reference links https://github.com/facebookincubator/mvfst/commit/a67083ff4b8dcbb7ee2839da6338032030d712b0 https://www.facebook.com/security/advisories/cve-2021-24029	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.