Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-5386

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-5386
Last Modified 30 Dec 2014 10:33:33
Published 28 Dec 2014 10:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-5386

Summary

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

Vulnerable Systems

Application

  • Facebook Hiphop Virtual Machine 3.2.0


References

CONFIRM - https://github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e


Last Updated: 27 May 2016 11:07:22