CVE-2018-6346

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...

CVE-2018-6343

CVE-2018-6343 affects Facebook Proxygen. The issue arises when Proxygen fails to validate that a secondary auth manager is set before dereferencing it during parsing of Certificate/CertificateRequest HTTP2 Frames over fizz (TLS 1.3), leading to potential denial of service. Affected versions are v...

CVE-2018-6347

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...

CVE-2018-6347

CVE-2018-6347 describes a denial-of-service vulnerability in the Proxygen HTTP/2 parser, where handling of HTTP2 headers/trailers can be exploited to trigger a crash or partial outage. The issue affects Proxygen versions prior to 2018.12.31.00. The connected PT-2018-17494 entry and CNVD/NVD recor...

CVE-2018-6347

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...

CVE-2018-6335

A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6335

CVE-2018-6335 affects HHVM's proxygen HTTP/2 handling. A malformed h2 frame can trigger a std::out_of_range exception during parsing of priority metadata, leading to a denial-of-service. Affected versions are HHVM 3.25.2, 3.24.6, 3.21.10 and earlier when using the proxygen server. The vulnerabili...

CVE-2018-6335

A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...

Design/Logic Flaw

A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6335

A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6335

A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...

PT-2018-17485 · Facebook · Hhvm

Name of the Vulnerable Software and Affected Versions: HHVM versions 3.25.2, 3.24.6, and 3.21.10 and below Description: The issue arises from a malformed h2 frame that causes an 'std::out of range' exception when parsing priority meta data, potentially leading to denial-of-service. This occurs wh...

PT-2018-17491 · Facebook · Proxygen

Name of the Vulnerable Software and Affected Versions: Proxygen versions v2018.10.29.00 through v2018.11.19.00 Description: The issue is related to the failure of Proxygen to validate that a secondary auth manager is set before dereferencing it, which can cause a denial of service issue. This...

UBUNTU-CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

h2o/h2o-fuzzer-http2: Heap-buffer-overflow in emit_writereq_of_openref

Project: https://github.com/h2o/h2o.git Detailed report: https://oss-fuzz.com/testcase?key=5130696692072448 Project: h2o Fuzzer: aflh2o-fuzzer-http2 Fuzz target binary: h2o-fuzzer-http2 Job Type: aflasanh2o Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x60b0000001c8...

Apache2 mod_http2 header Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 headers. A crafted HTTP2 request can trigger a...

Denial of service

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...