Skip to main content

Hhvm CVE-2016-6871

CRITICAL
Integer Overflow or Wraparound (CWE-190)
2017-02-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 17, 2017 - 17:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.

AnalysisAI

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. Affected products include: Facebook Hhvm. Version information: before 3.15.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Hhvm

View all
CVE-2016-6870 CRITICAL
9.8 Feb 17

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM

CVE-2016-6875 CRITICAL
9.8 Feb 17

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vector

CVE-2016-6874 CRITICAL
9.8 Feb 17

The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown v

CVE-2016-6873 CRITICAL
9.8 Feb 17

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors

CVE-2016-6872 CRITICAL
9.8 Feb 17

Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via u

CVE-2021-24036 CRITICAL
9.8 Jul 23

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds wri

CVE-2021-24025 CRITICAL
9.8 Mar 10

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function ca

CVE-2019-11936 CRITICAL
9.8 Dec 04

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.30.12, all ve

CVE-2019-11935 CRITICAL
9.8 Dec 04

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory.30.12, al

CVE-2019-11930 CRITICAL
9.8 Dec 04

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution.30.

CVE-2019-11929 CRITICAL
9.8 Oct 02

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory,

CVE-2019-11926 CRITICAL
9.8 Sep 06

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to

Share

CVE-2016-6871 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy