CVE-2016-1000006
Published 2019-11-19

CVE-2016-1000006: hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
Priority P343, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.57% (72.3th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | hhvm | < 3.12.11 | 3.12.11 |
CVSS provenance
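| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |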
GHSA
GHSA-j59w-vmvh-rmmh: hhvm before 3
ghsa_unreviewed·2022-05-24
CVE-2016-1000006 [HIGH] GHSA-j59w-vmvh-rmmh: hhvm before 3
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
OSV
CVE-2016-1000006: hhvm before 3
osv·2019-11-19·CVSS 9.8
CVE-2016-1000006 [CRITICAL] CVE-2016-1000006: hhvm before 3
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000006.html
https://security-tracker.debian.org/tracker/CVE-2016-1000006
https://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg506329.html
Published: 2019-11-19