Hhvm
CVE-2018-6334
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (fb) · only source for this CVE.
CVSS VectorVendor: fb
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
AnalysisAI
Multipart-file uploads call variables to be improperly registered in the global scope. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-621. Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). Affected products include: Facebook Hhvm.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vector
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown v
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via u
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vector
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds wri
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function ca
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.30.12, all ve
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory.30.12, al
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution.30.
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory,
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today