CVE-2016-1000004
published 2020-02-19CVE-2016-1000004: Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions…
PriorityP348critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.68%
47.8th percentile
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hhvm | < 3.9.5 | 3.9.5 | |
| hhvm | 3.10.0 – 3.12.3 | — | |
| hhvm | 3.13.0 – 3.14.1 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hqgf-37rq-g39g: Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom
ghsa_unreviewed·2022-05-24
CVE-2016-1000004 [HIGH] GHSA-hqgf-37rq-g39g: Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
OSV
CVE-2016-1000004: Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom
osv·2020-02-19·CVSS 9.8
CVE-2016-1000004 [CRITICAL] CVE-2016-1000004: Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-02-19
Published