CVE-2018-6335: Input Validation
First published: Mon Dec 31 2018(Updated: )
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook HHVM | <=3.21.10 | |
| Facebook HHVM | =3.24.6 | |
| Facebook HHVM | =3.25.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6335?
CVE-2018-6335 is a vulnerability in Facebook HHVM where a malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority metadata, leading to a denial-of-service.
How does CVE-2018-6335 affect HHVM?
CVE-2018-6335 affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
What is the severity of CVE-2018-6335?
The severity of CVE-2018-6335 is rated as high with a CVSS score of 7.5.
How can I fix CVE-2018-6335?
To fix CVE-2018-6335, it is recommended to upgrade HHVM to version 3.25.3 or later, which contains the fix for this vulnerability.
Are there any references for CVE-2018-6335?
Yes, you can find more information about CVE-2018-6335 in the following references: [GitHub commit](https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56) and [HHVM blog post](https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html).
- collector/nvd-index
- vendor/facebook
- canonical/facebook hhvm
- version/facebook hhvm/3.21.10
- version/facebook hhvm/3.24.6
- version/facebook hhvm/3.25.2