Denial-of-Service Vulnerability in HHVM's Proxygen Server when Parsing Malformed h2 Frame
CVE-2018-6335 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:N/A:P
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
Learn more about our Cis Benchmark Audit For Server Software.