ID

VAR-201812-0587


CVE

CVE-2018-6335


TITLE

HHVM Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013389

DESCRIPTION

A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority metadata. This behavior can lead to denial of service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. HHVM contains an input validation vulnerability. The service may be put into a denial-of-service (DoS) state. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP when loading dynamic pages. There are security vulnerabilities in Facebook HHVM 3.25.2 and earlier, 3.24.6 and earlier, and 3.21.10 and earlier. An attacker could use this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2018-6335 // JVNDB: JVNDB-2018-013389 // CNVD: CNVD-2019-37157

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-37157

AFFECTED PRODUCTS

vendor: facebook, model: hhvm, scope: eq, version: 3.25.2

Trust: 1.6

vendor: facebook, model: hhvm, scope: eq, version: 3.24.6

Trust: 1.6

vendor: facebook, model: hhvm, scope: lte, version: 3.21.10

Trust: 1.0

vendor: facebook, model: hiphop virtual machine, scope: lte, version: 3.21.10

Trust: 0.8

vendor: facebook, model: hiphop virtual machine, scope: eq, version: 3.24.6

Trust: 0.8

vendor: facebook, model: hiphop virtual machine, scope: eq, version: 3.25.2

Trust: 0.8

vendor: facebook, model: hhvm, scope: lte, version: <=3.21.10

Trust: 0.6

vendor: facebook, model: hhvm, scope: lte, version: <=3.24.6

Trust: 0.6

vendor: facebook, model: hhvm, scope: lte, version: <=3.25.2

Trust: 0.6

vendor: facebook, model: hhvm, scope: eq, version: 3.21.10

Trust: 0.6

sources: CNVD: CNVD-2019-37157 // JVNDB: JVNDB-2018-013389 // CNNVD: CNNVD-201812-1312 // NVD: CVE-2018-6335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6335
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2018-6335
value: HIGH

Trust: 1.0

NVD: CVE-2018-6335
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-37157
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-1312
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-6335
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-37157
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-6335
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2018-6335
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-37157 // JVNDB: JVNDB-2018-013389 // CNNVD: CNNVD-201812-1312 // NVD: CVE-2018-6335 // NVD: CVE-2018-6335

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

problemtype: CWE-400

Trust: 1.0

sources: JVNDB: JVNDB-2018-013389 // NVD: CVE-2018-6335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1312

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201812-1312

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013389

PATCH

title: HHVM 3.25.3, HHVM 3.24.7, and 3.21.11
url: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html

Trust: 0.8

title: [security][CVE-2018-6335] Fix potential crash in HTTP2 padding handling
url: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56

Trust: 0.8

title: Patch for Facebook HHVM Denial of Service Vulnerability (CNVD-2019-37157)
url: https://www.cnvd.org.cn/patchInfo/show/186949

Trust: 0.6

title: Facebook HHVM Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88234

Trust: 0.6

sources: CNVD: CNVD-2019-37157 // JVNDB: JVNDB-2018-013389 // CNNVD: CNNVD-201812-1312

EXTERNAL IDS

db: NVD, id: CVE-2018-6335

Trust: 3.0

db: JVNDB, id: JVNDB-2018-013389

Trust: 0.8

db: CNVD, id: CNVD-2019-37157

Trust: 0.6

db: CNNVD, id: CNNVD-201812-1312

Trust: 0.6

sources: CNVD: CNVD-2019-37157 // JVNDB: JVNDB-2018-013389 // CNNVD: CNNVD-201812-1312 // NVD: CVE-2018-6335

REFERENCES

url: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html

Trust: 2.2

url: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6335

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-6335

Trust: 0.8

sources: CNVD: CNVD-2019-37157 // JVNDB: JVNDB-2018-013389 // CNNVD: CNNVD-201812-1312 // NVD: CVE-2018-6335

SOURCES

db: CNVD, id: CNVD-2019-37157
db: JVNDB, id: JVNDB-2018-013389
db: CNNVD, id: CNNVD-201812-1312
db: NVD, id: CVE-2018-6335

LAST UPDATE DATE

2025-05-07T23:03:25.552000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-37157, date: 2019-10-25T00:00:00
db: JVNDB, id: JVNDB-2018-013389, date: 2019-02-20T00:00:00
db: CNNVD, id: CNNVD-201812-1312, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-6335, date: 2025-05-06T19:15:53.723

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-37157, date: 2019-10-24T00:00:00
db: JVNDB, id: JVNDB-2018-013389, date: 2019-02-20T00:00:00
db: CNNVD, id: CNNVD-201812-1312, date: 2019-01-02T00:00:00
db: NVD, id: CVE-2018-6335, date: 2018-12-31T19:29:00.417