Facebook · HHVM · CVE-2018-6335
**Name of the Vulnerable Software and Affected Versions**
HHVM versions 3.25.2, 3.24.6, and 3.21.10 and below
**Description**
A malformed HTTP/2 (h2) frame causes a 'std::out_of_range' exception when priority metadata is parsed, potentially leading to denial of service. This occurs when the Proxygen server is used to handle HTTP/2 requests.
**Recommendations**
For HHVM versions 3.25.2, 3.24.6, and 3.21.10 and below, consider disabling the Proxygen server for HTTP/2 requests until a patch is available.
Restrict access to the Proxygen server to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.