CVE Vulnerabilities

CVE-2018-6332

Published: Dec 03, 2018 | Modified: Oct 09, 2019
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.

Affected Software

Name Vendor Start Version End Version
Hhvm Facebook * 3.21.7 (including)
Hhvm Facebook 3.24.3 (including) 3.24.3 (including)
Hhvm Ubuntu artful *
Hhvm Ubuntu bionic *
Hhvm Ubuntu upstream *
Hhvm Ubuntu xenial *

References