A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
{
"cpe": [
"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:3.24.6:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:3.25.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "3.21.10"
},
{
"introduced": "3.24.6"
},
{
"last_affected": "3.24.6"
},
{
"introduced": "3.25.2"
},
{
"last_affected": "3.25.2"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}