Lucene search

[email protected]CVE-2014-5386

HistoryDec 28, 2014 - 3:59 p.m.

CVE-2014-5386

2014-12-2815:59:02

CWE-310

[email protected]

web.nvd.nist.gov

cve-2014-5386

facebook hiphop virtual machine

hhvm

mcrypt_create_iv

cryptographic protection

remote attackers

initialization vector

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

Affected configurations

NVD

Node

facebookhiphop_virtual_machineRange≤3.2.0

CPENameOperatorVersion
facebook:hiphop_virtual_machinefacebook hiphop virtual machinele3.2.0

CPE	Name	Operator	Version
facebook:hiphop_virtual_machine	facebook hiphop virtual machine	le	3.2.0

References

github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for CVE-2014-5386

prion1 nvd1 cvelist1