Home

Description

A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.

PUBLISHED Reserved 2025-03-21 | Published 2025-07-11 | Updated 2025-07-11 | Assigner facebook

Problem types

Heap-based Buffer Overflow (CWE-122)

Product status

Default status
unaffected

v2025.03.24.00 (semver) before v2025.07.07.00
affected

References

www.facebook.com/security/advisories/cve-2025-30403

github.com/...ommit/65b297332191de6e867c4a3139a233fc84c0e7e0

cve.org (CVE-2025-30403)

nvd.nist.gov (CVE-2025-30403)

Download JSON