CVE-2014-5386

2014-12-2815:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.5%

JSON

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

References

github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e