CVE-2014-5386
First published: Sun Dec 28 2014(Updated: )
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HipHop Virtual Machine | <=3.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-5386?
CVE-2014-5386 is considered a high severity vulnerability due to the potential impact on cryptographic protection mechanisms.
How do I fix CVE-2014-5386?
To fix CVE-2014-5386, upgrade to HipHop Virtual Machine version 3.3.0 or later.
What does CVE-2014-5386 affect?
CVE-2014-5386 affects the random number generator used in the mcrypt_create_iv function within certain versions of the HipHop Virtual Machine.
Can CVE-2014-5386 lead to data breaches?
Yes, CVE-2014-5386 can potentially lead to data breaches as it allows attackers to weaken cryptographic protections.
Is CVE-2014-5386 a remote attack vector?
Yes, CVE-2014-5386 can be exploited remotely by attackers to undermine cryptographic security.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/facebook
- canonical/hiphop virtual machine
- version/hiphop virtual machine/3.2.0