CVE-2014-6229: Infoleak
First published: Sun Dec 28 2014(Updated: )
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HipHop Virtual Machine | <=3.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6229?
CVE-2014-6229 has a medium severity rating due to its potential for information disclosure.
How do I fix CVE-2014-6229?
To fix CVE-2014-6229, upgrade Facebook HipHop Virtual Machine to version 3.3.0 or later.
What is the impact of CVE-2014-6229?
CVE-2014-6229 allows remote attackers to read sensitive information by exploiting improper string termination in HHVM.
Which versions of HHVM are affected by CVE-2014-6229?
CVE-2014-6229 affects Facebook HipHop Virtual Machine versions prior to 3.3.0.
Is CVE-2014-6229 exploitable remotely?
Yes, CVE-2014-6229 is exploitable remotely, allowing attackers to gain unauthorized access to sensitive information.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/facebook
- canonical/hiphop virtual machine
- version/hiphop virtual machine/3.2.0