Latest facebook hhvm Vulnerabilities

CVE-2022-36937
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4,...
Facebook HHVM<4.153.4
Facebook HHVM>=4.154.0<4.168.2
Facebook HHVM>=4.169.0<4.169.2
Facebook HHVM>=4.170.0<4.170.2
Facebook HHVM=4.171.0
Facebook HHVM=4.172.0
CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the cu...
Facebook HHVM<4.56.2
Facebook HHVM>=4.57.0<=4.78.0
Facebook HHVM=4.79.0
Facebook HHVM=4.80.0
Facebook HHVM=4.81.0
Facebook HHVM=4.82.0
and 1 more
CVE-2021-24036
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects...
Facebook Folly<2021.07.22.00
Facebook HHVM<4.80.5
Facebook HHVM>=4.81.0<=4.102.1
Facebook HHVM>=4.103.0<=4.113.0
Facebook HHVM=4.114.0
Facebook HHVM=4.115.0
and 4 more
CVE-2020-1899
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were stat...
Facebook HHVM<4.32.3
Facebook HHVM>=4.33.0<4.56.1
Facebook HHVM=4.57.0
Facebook HHVM=4.58.0
Facebook HHVM=4.58.1
Facebook HHVM=4.59.0
and 3 more
CVE-2020-1900
Facebook HHVM<4.32.3
Facebook HHVM>=4.33.0<4.56.1
Facebook HHVM=4.57.0
Facebook HHVM=4.58.0
Facebook HHVM=4.58.1
Facebook HHVM=4.59.0
and 3 more
CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. Th...
Facebook HHVM<4.32.3
Facebook HHVM>=4.33.0<4.56.1
Facebook HHVM=4.57.0
Facebook HHVM=4.58.0
Facebook HHVM=4.58.1
Facebook HHVM=4.59.0
and 3 more
CVE-2021-24025
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHV...
Facebook HHVM<4.56.3
Facebook HHVM>=4.57.0<=4.80.1
Facebook HHVM>=4.81.0<=4.93.1
Facebook HHVM=4.94.0
Facebook HHVM=4.95.0
Facebook HHVM=4.96.0
and 2 more
CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3,...
Facebook HHVM<4.56.3
Facebook HHVM>=4.57.0<4.80.2
Facebook HHVM>=4.81.0<4.93.2
Facebook HHVM=4.94.0
Facebook HHVM=4.95.0
Facebook HHVM=4.96.0
and 2 more
CVE-2020-1917
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buff...
Facebook HHVM<4.56.3
Facebook HHVM>=4.57.0<4.80.2
Facebook HHVM>=4.81.0<4.93.2
Facebook HHVM=4.94.0
Facebook HHVM=4.95.0
Facebook HHVM=4.96.0
and 2 more
CVE-2020-1916
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all vers...
Facebook HHVM<4.56.2
Facebook HHVM>=4.57.0<4.78.1
Facebook HHVM=4.79.0
Facebook HHVM=4.80.0
Facebook HHVM=4.81.0
Facebook HHVM=4.82.0
and 1 more
CVE-2020-1918
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions...
Facebook HHVM<4.56.3
Facebook HHVM>=4.57.0<4.80.2
Facebook HHVM>=4.81.0<4.93.2
Facebook HHVM=4.94.0
Facebook HHVM=4.95.0
Facebook HHVM=4.96.0
and 2 more
CVE-2020-1893
Facebook HHVM<4.8.7
Facebook HHVM>=4.9.0<=4.32.0
Facebook HHVM>=4.33.0<=4.38.0
Facebook HHVM=4.39.0
Facebook HHVM=4.40.0
Facebook HHVM=4.41.0
and 4 more
CVE-2020-1888
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39....
Facebook HHVM<4.8.7
Facebook HHVM>=4.9.0<=4.32.0
Facebook HHVM>=4.33.0<=4.38.0
Facebook HHVM=4.39.0
Facebook HHVM=4.40.0
Facebook HHVM=4.41.0
and 4 more
CVE-2016-1000005
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9....
Facebook HHVM<3.9.5
Facebook HHVM>=3.10.0<=3.12.3
Facebook HHVM>=3.13.0<=3.14.1
CVE-2016-1000004
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0...
Facebook HHVM<3.9.5
Facebook HHVM>=3.10.0<=3.12.3
Facebook HHVM>=3.13.0<=3.14.1
CVE-2016-1000109
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment va...
Facebook HHVM<3.9.6
Facebook HHVM>=3.10.0<=3.12.4
Facebook HHVM>=3.13.0<=3.14.2
CVE-2019-11935
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5,...
Facebook HHVM<3.30.12
Facebook HHVM>=4.0.0<=4.8.5
Facebook HHVM>=4.9.0<=4.23.1
Facebook HHVM=4.24.0
Facebook HHVM=4.25.0
Facebook HHVM=4.26.0
and 3 more
CVE-2019-11936
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all...
Facebook HHVM<3.30.12
Facebook HHVM>=4.0.0<=4.8.5
Facebook HHVM>=4.9.0<=4.23.1
Facebook HHVM=4.24.0
Facebook HHVM=4.25.0
Facebook HHVM=4.26.0
and 3 more
CVE-2019-11930
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and ...
Facebook HHVM<3.30.12
Facebook HHVM>=4.0.0<=4.8.5
Facebook HHVM>=4.9.0<=4.23.1
Facebook HHVM=4.24.0
Facebook HHVM=4.25.0
Facebook HHVM=4.26.0
and 3 more
CVE-2016-1000006
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
ubuntu/hhvm<3.12.11+dfsg-1
<3.12.11
Facebook HHVM<3.12.11
debian/hhvm
CVE-2019-11929
Facebook HHVM<3.30.10
Facebook HHVM>=4.0.0<=4.8.5
Facebook HHVM>=4.9.0<=4.18.2
Facebook HHVM=4.19.0
Facebook HHVM=4.19.1
Facebook HHVM=4.20.0
and 5 more
CVE-2019-11925
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue aff...
Facebook HHVM<=3.30.9
Facebook HHVM>=4.0.0<=4.8.3
Facebook HHVM>=4.9.0<=4.15.2
Facebook HHVM>=4.16.0<=4.16.3
Facebook HHVM>=4.17.0<=4.17.2
Facebook HHVM>=4.18.0<=4.18.1
and 2 more
CVE-2019-11926
Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issu...
Facebook HHVM<=3.30.9
Facebook HHVM>=4.0.0<=4.8.3
Facebook HHVM>=4.9.0<=4.15.2
Facebook HHVM>=4.16.0<=4.16.3
Facebook HHVM>=4.17.0<=4.17.2
Facebook HHVM>=4.18.0<=4.18.1
and 2 more
CVE-2018-6345
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be cre...
Facebook HHVM<=3.27.5
Facebook HHVM>=3.28.0<=3.30.1
CVE-2019-3557
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line,...
Facebook HHVM<=3.27.4
Facebook HHVM>=3.28.0<=3.30.0
CVE-2018-6337
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM...
Facebook Folly>=2017.12.11.00<=2018.08.09.00
Facebook HHVM>=3.26<3.26.3
CVE-2018-6340
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported ve...
Facebook HHVM<=3.27.4
Facebook HHVM=3.30
CVE-2018-6335
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, ...
Facebook HHVM<=3.21.10
Facebook HHVM=3.24.6
Facebook HHVM=3.25.2
CVE-2018-6334
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This...
Facebook HHVM<=3.21.9
Facebook HHVM>=3.21.10<=3.24.5
Facebook HHVM>=3.24.6<=3.25.1
CVE-2018-6332
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24...
Facebook HHVM<=3.21.7
Facebook HHVM=3.24.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203