CVE-2018-6347

HIGH 7.5 / 10.0
Published: December 31, 2018 at 10:29 PM
Modified: May 6, 2025 at 04:15 PM
Source: cve-assign@fb.com

Vulnerability Description

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.

CVSS Metrics

Base Score: 7.5
Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

Source: cve-assign@fb.com
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Proxygen, Facebook's C++ HTTP library, is vulnerable to a denial-of-service (DoS) attack due to a flaw in how its HTTP/2 code parses headers and trailers. This vulnerability allows attackers to send crafted HTTP/2 requests that can exhaust server resources, leading to service disruption and potential business impact.

02 // Vulnerability Mechanism

Step 1: Payload Delivery: An attacker crafts a malicious HTTP/2 request. This request contains either a large number of headers/trailers, extremely large headers/trailers, or malformed headers/trailers.

Step 2: Request Processing: The vulnerable Proxygen library receives and begins to parse the malicious HTTP/2 request.

Step 3: Resource Exhaustion: Due to the parsing flaw, the library attempts to allocate excessive resources (memory, CPU) to process the malformed headers/trailers.

Step 4: Denial of Service: The excessive resource consumption leads to a denial-of-service condition, either by crashing the server process, exhausting available memory, or causing the server to become unresponsive to legitimate requests.

03 // Deep Technical Analysis

The vulnerability stems from a flaw in Proxygen's HTTP/2 header/trailer parsing logic. Specifically, the library fails to adequately validate the size or structure of incoming headers and trailers. This can lead to excessive resource consumption, such as memory allocation or CPU utilization, when processing malicious HTTP/2 frames. The root cause is likely an insufficient check on the size of the header/trailer data, allowing an attacker to craft a request with an extremely large or malformed header/trailer section. This can trigger a buffer overflow or other resource exhaustion issues, ultimately leading to a DoS condition. The specific function or logic flaw likely resides within the parsing routines responsible for handling HTTP/2 frame data, where the library fails to properly sanitize or limit the size of the incoming header/trailer data.
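
A receiver-side bound on decoded header and trailer blocks, as an added example that is not Proxygen's code or its fix: each field is charged the RFC 7540 section 6.5.2 cost (name + value + 32 octets) and decoding stops at the first breach. The type and function names and the limits of 100 fields and 8192 octets are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Added example with hypothetical names; not Proxygen's API or its fix.
enum class Verdict { Ok, TooManyFields, ListTooLarge };
struct Limits {
  std::size_t maxFields;      // assumed cap on fields per block
  std::uint64_t maxListSize;  // cap on decoded list size, in octets
};

// Budget for one decoded header or trailer block, charged field by field.
class HeaderListBudget {
 public:
  explicit HeaderListBudget(Limits l) : limits_(l) {}
  // Call per decoded field, before storing it, and stop on the first breach.
  Verdict accept(std::size_t nameLen, std::size_t valueLen) {
    if (fields_ >= limits_.maxFields) return Verdict::TooManyFields;
    // RFC 7540 6.5.2 cost: name + value + 32; subtract so no sum overflows.
    std::uint64_t left = limits_.maxListSize - used_;
    if (left < 32 || nameLen > left - 32) return Verdict::ListTooLarge;
    left -= 32 + nameLen;
    if (valueLen > left) return Verdict::ListTooLarge;
    used_ = limits_.maxListSize - (left - valueLen);
    ++fields_;
    return Verdict::Ok;
  }
 private:
  Limits limits_;
  std::size_t fields_ = 0;
  std::uint64_t used_ = 0;
};
using Block = std::vector<std::pair<std::string, std::string>>;

// Headers and trailers are separate blocks; each gets a fresh budget.
Verdict checkBlock(const Block& block, Limits limits) {
  HeaderListBudget budget(limits);
  for (const auto& f : block) {
    Verdict v = budget.accept(f.first.size(), f.second.size());
    if (v != Verdict::Ok) return v;
  }
  return Verdict::Ok;
}

int main() {  // constructed sample: one 9000-octet value against an 8 KiB cap
  Block big = {{"x-pad", std::string(9000, 'a')}};
  return checkBlock(big, {100, 8192}) == Verdict::ListTooLarge ? 0 : 1;
}
```

Because `accept()` runs before a field is stored, memory held for a block never exceeds the configured list size, whether the block arrives as headers or as trailers.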
