CVE-2018-6335

Name of the Vulnerable Software and Affected Versions HHVM versions 3.25.2, 3.24.6, and 3.21.10 and below

Description The issue arises from a malformed h2 frame that causes an 'std::out of range' exception when parsing priority meta data, potentially leading to denial-of-service. This occurs when the proxygen server is used to handle HTTP2 requests.

Recommendations For HHVM versions 3.25.2, 3.24.6, and 3.21.10 and below, consider disabling the proxygen server for HTTP2 requests until a patch is available. Restrict access to the proxygen server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.