PT-2018-17482 · Facebook · Hhvm
Published: 2018-12-03 · Updated: 2025-05-06
CVE-2018-6332
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
HHVM versions 3.24.3 and 3.21.7 and below
Description
A potential denial-of-service issue exists in Proxygen's handling of invalid HTTP2 settings: the server can spend disproportionate resources when HTTP2 requests are handled by the proxygen server.
Recommendations
For HHVM versions 3.24.3 and 3.21.7 and below, consider disabling the use of the proxygen server for handling HTTP2 requests as a temporary workaround until a patch is available. Restrict access to the proxygen server to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Related Identifiers
Affected Products
Hhvm