Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-6229

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-6229
Last Modified 30 Dec 2014 10:34:41
Published 28 Dec 2014 10:59:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-6229

Summary

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.

Vulnerable Systems

Application

  • Facebook Hiphop Virtual Machine 3.2.0


References

CONFIRM - https://github.com/facebook/hhvm/commit/7135ec229882370a00411aa50030eada6034cc1b

CONFIRM - http://hhvm.com/blog/6239/hhvm-3-3-0


Last Updated: 27 May 2016 11:07:23