QwikSec

Security Database

CVE

CWE

Training

CVE-2018-6335

Published: Dec 31, 2018

Modified: May 6, 2025

PUBLISHED

Description

A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.

Vendor	Product	Versions
Facebook	HHVM	affected `3.25.3` affected `3.25.0` affected `3.24.7` affected `3.22.0` affected `3.21.11` +1 more versions

Weaknesses (CWE)

References

https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html

x_refsource_MISC

https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.