CVE-2018-6332

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-6332

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6332.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-6332

Downstream

UBUNTU-CVE-2018-6332

Published

2018-12-03T14:29:00.457Z

Modified

2026-03-14T09:30:28.318090Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.

References

https://hhvm.com/blog/2018/03/15/hhvm-3.25.html

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type

GIT

Repo

https://github.com/facebook/hhvm

Events

Introduced

Last affected

ff8010d6132bba32037a757be1a25a395a528f75

Introduced

Last affected

603df11c2d05f581c9c4e5841e351c13f6742231

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.21.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.24.3"
        }
    ]
}

Affected versions

HHVM-3.*

HHVM-3.21.0

HHVM-3.21.1

HHVM-3.21.2

HHVM-3.21.3

HHVM-3.21.4

HHVM-3.21.5

HHVM-3.21.6

HHVM-3.21.7

HHVM-3.24.0

HHVM-3.24.1

HHVM-3.24.2

HHVM-3.24.3

HPHP-2.*

HPHP-2.1.0

gcc-4.*

gcc-4.6

Other

pre-hhvm

src-hphp

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6332.json"