Skip to main content

Hhvm CVE-2016-6875

CRITICAL
2017-02-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 17, 2017 - 17:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

AnalysisAI

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Affected products include: Facebook Hhvm. Version information: before 3.15.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Hhvm

View all
CVE-2016-6870 CRITICAL
9.8 Feb 17

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM

CVE-2016-6874 CRITICAL
9.8 Feb 17

The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown v

CVE-2016-6873 CRITICAL
9.8 Feb 17

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors

CVE-2016-6872 CRITICAL
9.8 Feb 17

Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via u

CVE-2016-6871 CRITICAL
9.8 Feb 17

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vector

CVE-2021-24036 CRITICAL
9.8 Jul 23

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds wri

CVE-2021-24025 CRITICAL
9.8 Mar 10

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function ca

CVE-2019-11936 CRITICAL
9.8 Dec 04

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.30.12, all ve

CVE-2019-11935 CRITICAL
9.8 Dec 04

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory.30.12, al

CVE-2019-11930 CRITICAL
9.8 Dec 04

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution.30.

CVE-2019-11929 CRITICAL
9.8 Oct 02

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory,

CVE-2019-11926 CRITICAL
9.8 Sep 06

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to

Share

CVE-2016-6875 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy