A critical denial-of-service (DoS) vulnerability in Facebook’s open-source implementation of the transport layer security (TLS) 1.3 protocol could cause an infinite loop. Facebook Fizz is used on most of Facebook s infrastructure to facilitate secure communications with web services using HTTPS. The vulnerability is relatively easy to trigger by an unauthenticated remote attacker by sending a malicious message via TCP to any server that uses Fizz. Facebook has fixed the flaw in its own implementations of Fizz, and other web applications that rely on Fizz are advised to upgrade their libraries as a matter of urgency.
Source: https://threatpost.com/dos-bug-facebook-fizz-tls/143086/