Denial-of-Service Vulnerability in HHVM's Proxygen Server when Parsing Malformed h2 Frame

CVE-2018-6335 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority metadata. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP/2 requests.
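
The failure class described above, as an added illustration. This is not HHVM or proxygen code and not the actual defect, which this page does not detail. It shows a PRIORITY payload parser whose checked accessor throws std::out_of_range on a truncated frame, beside a version that validates the RFC 7540 length first; all names and sample payloads are constructed.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>

// Hypothetical names throughout; constructed illustration, not proxygen code.
struct Priority {
  bool exclusive;
  uint32_t streamDependency;
  uint16_t weight;  // wire value + 1, so 1..256 (RFC 7540 section 6.3)
};
enum class ParseResult { Ok, FrameSizeError };

// Constructed samples: E=1, dependency=3, weight byte=15; and a 3-byte truncation.
const std::vector<uint8_t> kValidPayload = {0x80, 0x00, 0x00, 0x03, 0x0f};
const std::vector<uint8_t> kTruncatedPayload = {0x80, 0x00, 0x00};

// Weak form: trusts the payload length. vector::at() throws std::out_of_range
// on a short payload; if no caller catches it, std::terminate() ends the process.
Priority parsePriorityUnchecked(const std::vector<uint8_t>& p) {
  uint32_t dep = (uint32_t(p.at(0)) << 24) | (uint32_t(p.at(1)) << 16) |
                 (uint32_t(p.at(2)) << 8) | uint32_t(p.at(3));
  return Priority{(dep & 0x80000000u) != 0, dep & 0x7fffffffu,
                  uint16_t(p.at(4) + 1)};
}

// Hardened form: a PRIORITY payload is exactly 5 octets; any other length is
// reported as FRAME_SIZE_ERROR for that stream instead of raising an exception.
ParseResult parsePriorityChecked(const std::vector<uint8_t>& p, Priority& out) {
  if (p.size() != 5) return ParseResult::FrameSizeError;
  out = parsePriorityUnchecked(p);
  return ParseResult::Ok;
}

// Reports whether the weak parser throws on a given payload.
bool uncheckedThrows(const std::vector<uint8_t>& p) {
  try {
    (void)parsePriorityUnchecked(p);
    return false;
  } catch (const std::out_of_range&) {
    return true;
  }
}

int main() {
  Priority pr{};
  bool ok = parsePriorityChecked(kValidPayload, pr) == ParseResult::Ok &&
            parsePriorityChecked(kTruncatedPayload, pr) == ParseResult::FrameSizeError &&
            uncheckedThrows(kTruncatedPayload);
  return ok ? 0 : 1;
}
```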
