CVE-2018-6332
First published: Mon Dec 03 2018(Updated: )
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook HHVM | <=3.21.7 | |
| Facebook HHVM | =3.24.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6332?
CVE-2018-6332 is a potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources.
Which versions of HHVM are affected by CVE-2018-6332?
The affected versions of HHVM are 3.24.3 and 3.21.7 and below.
What is the severity of CVE-2018-6332?
The severity of CVE-2018-6332 is medium with a severity value of 5.9.
How can CVE-2018-6332 be exploited?
CVE-2018-6332 can be exploited by sending invalid HTTP2 settings to the Proxygen server, causing it to allocate excessive resources.
How do I mitigate CVE-2018-6332?
To mitigate CVE-2018-6332, update HHVM to version 3.25 or later, as the issue is fixed in that release.
- collector/nvd-index
- vendor/facebook
- product/hhvm
- canonical/facebook hhvm