cbcvebase.

Facebook Hhvm vulnerabilities

41 known vulnerabilities affecting facebook/hhvm.

Total CVEs
41
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL26HIGH13MEDIUM2

Vulnerabilities

Page 1 of 3
CVE-2019-11929P2CRITICALCVSS 9.8fixed in 3.30.10≥ 4.0.0, ≤ 4.8.5+26 more2019-10-02
CVE-2019-11929 [CRITICAL] CWE-119 CVE-2019-11929: Insufficient boundary checks when formatting numbers in number_format allows read/write access to ou Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.
nvd
CVE-2021-24036P2CRITICALCVSS 9.8fixed in 4.80.5≥ 4.81.0, ≤ 4.102.1+12 more2021-07-23
CVE-2021-24036 [CRITICAL] CWE-122 CVE-2021-24036: Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions be
nvd
CVE-2019-11930P3CRITICALCVSS 9.8fixed in 3.30.12≥ 4.0.0, ≤ 4.8.5+23 more2019-12-04
CVE-2019-11930 [CRITICAL] CWE-763 CVE-2019-11930: An invalid free in mb_detect_order can cause the application to crash or potentially result in remot An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
nvd
CVE-2019-11926P3CRITICALCVSS 9.8≤ 3.30.9≥ 4.0.0, ≤ 4.8.3+23 more2019-09-06
CVE-2019-11926 [CRITICAL] CWE-119 CVE-2019-11926: Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension co Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3,
nvd
CVE-2019-11925P3CRITICALCVSS 9.8≤ 3.30.9≥ 4.0.0, ≤ 4.8.3+23 more2019-09-06
CVE-2019-11925 [CRITICAL] CWE-119 CVE-2019-11925: Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could a Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.
nvd
CVE-2020-1917P3CRITICALCVSS 9.8fixed in 4.56.3≥ 4.57.0, < 4.80.2+9 more2021-03-10
CVE-2020-1917 [CRITICAL] CWE-122 CVE-2020-1917: xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all v
nvd
CVE-2021-24025P3CRITICALCVSS 9.8fixed in 4.56.3≥ 4.57.0, ≤ 4.80.1+9 more2021-03-10
CVE-2021-24025 [CRITICAL] CWE-122 CVE-2021-24025: Due to incorrect string size calculations inside the preg_quote function, a large input string passe Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97
nvd
CVE-2019-11935P3CRITICALCVSS 9.8fixed in 3.30.12≥ 4.0.0, ≤ 4.8.5+23 more2019-12-04
CVE-2019-11935 [CRITICAL] CWE-125 CVE-2019-11935: Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bou Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
nvd
CVE-2019-3556P3HIGHCVSS 8.1fixed in 4.56.2≥ 4.57.0, ≤ 4.78.0+12 more2021-10-26
CVE-2019-3556 [HIGH] CWE-22 CVE-2019-3556: HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of t HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validate
nvd
CVE-2019-3570P3CRITICALCVSS 9.8v4.8.1v4.8.0+12 more2019-07-18
CVE-2019-3570 [CRITICAL] CWE-122 CVE-2019-3570: Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters
nvd
CVE-2016-1000005P3CRITICALCVSS 9.8fixed in 3.9.5≥ 3.10.0, ≤ 3.12.3+1 more2020-02-19
CVE-2016-1000005 [CRITICAL] CWE-843 CVE-2016-1000005: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
nvd
CVE-2019-3561P3CRITICALCVSS 9.8≤ 3.27.7≥ 3.28.0, ≤ 3.30.4+7 more2019-04-29
CVE-2019-3561 [CRITICAL] CWE-119 CVE-2019-3561: Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds me Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).
nvd
CVE-2020-1916P3CRITICALCVSS 9.8fixed in 4.56.2≥ 4.57.0, < 4.78.1+7 more2021-03-10
CVE-2020-1916 [CRITICAL] CWE-122 CVE-2020-1916: An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
nvd
CVE-2018-6334P3CRITICALCVSS 9.8≤ 3.21.9≥ 3.21.10, ≤ 3.24.5+7 more2018-12-31
CVE-2018-6334 [CRITICAL] CWE-621 CVE-2018-6334: Multipart-file uploads call variables to be improperly registered in the global scope. In cases wher Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
nvd
CVE-2016-1000004P3CRITICALCVSS 9.8fixed in 3.9.5≥ 3.10.0, ≤ 3.12.3+1 more2020-02-19
CVE-2016-1000004 [CRITICAL] CWE-345 CVE-2016-1000004: Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode an Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
nvd
CVE-2022-36937P3CRITICALCVSS 9.8fixed in 4.153.4≥ 4.154.0, < 4.168.2+7 more2023-05-10
CVE-2022-36937 [CRITICAL] CWE-327 CVE-2022-36937: HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_clien
nvd
CVE-2019-11936P3CRITICALCVSS 9.8fixed in 3.30.12≥ 4.0.0, ≤ 4.8.5+23 more2019-12-04
CVE-2019-11936 [CRITICAL] CWE-626 CVE-2019-11936: Various APC functions accept keys containing null bytes as input, leading to premature truncation of Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
nvd
CVE-2020-1900P3CRITICALCVSS 9.8fixed in 4.32.3≥ 4.33.0, < 4.56.1+10 more2021-03-11
CVE-2020-1900 [CRITICAL] CWE-416 CVE-2020-1900: When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0,
nvd
CVE-2018-6345P3CRITICALCVSS 9.8≤ 3.27.5≥ 3.28.0, ≤ 3.30.1+4 more2019-01-15
CVE-2018-6345 [CRITICAL] CWE-122 CVE-2018-6345: The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_poi The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and be
nvd
CVE-2019-3557P3CRITICALCVSS 9.8≤ 3.27.4≥ 3.28.0, ≤ 3.30.0+4 more2019-01-15
CVE-2019-3557 [CRITICAL] CWE-125 CVE-2019-3557: The implementations of streams for bz2 and php://output improperly implemented their readImpl functi The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This
nvd
Facebook Hhvm vulnerabilities | cvebase