CVE-2016-1000005

EPSS 0.53%
Veröffentlicht 19.02.2020 13:15:10
Zuletzt bearbeitet 21.11.2024 02:42:50
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Facebook ≫ Hhvm Version < 3.9.5

Facebook ≫ Hhvm Version >= 3.10.0 <= 3.12.3

Facebook ≫ Hhvm Version >= 3.13.0 <= 3.14.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.665

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://github.com/facebook/hhvm/commit/39e7e177473350b3a5c34e8824af3b98e25efa89

Patch

Third Party Advisory

https://www.facebook.com/security/advisories/cve-2016-1000005

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1000005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1000005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1000005

EUVD