CVE-2018-6335

Summary

A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.

Affected Software

VendorProductVersion RangeStatus
FacebookHHVM3.25.3affected
FacebookHHVM3.25.0affected
FacebookHHVM3.24.7affected
FacebookHHVM3.22.0affected
FacebookHHVM3.21.11affected
FacebookHHVMunspecified < 3.21.11affected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References