CVE-2016-1000005
published 2020-02-19CVE-2016-1000005: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This…
PriorityP350critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.39%
68.9th percentile
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hhvm | < 3.9.5 | 3.9.5 | |
| hhvm | 3.10.0 – 3.12.3 | — | |
| hhvm | 3.13.0 – 3.14.1 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8jmq-q75q-rmj9: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed
ghsa_unreviewed·2022-05-24
CVE-2016-1000005 [HIGH] GHSA-8jmq-q75q-rmj9: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
OSV
CVE-2016-1000005: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed
osv·2020-02-19·CVSS 9.8
CVE-2016-1000005 [CRITICAL] CVE-2016-1000005: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-02-19
Published