CVE-2014-6229

Facebook HipHop Virtual Machine <3.3.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://hhvm.com/blog/6239/hhvm-3-3-0

Scores

EPSS 0.0168
EPSS Percentile 74.2%

Details

CWE
CWE-200
Status published
Products (1)
facebook/hiphop_virtual_machine < 3.2.0
Published Dec 28, 2014
Tracked Since Feb 18, 2026