CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.1%
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Vendor | Product | Version | CPE |
---|---|---|---|
hhvm | * | cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* | |
hhvm | 4.94.0 | cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:* | |
hhvm | 4.95.0 | cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:* | |
hhvm | 4.96.0 | cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:* | |
hhvm | 4.97.0 | cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:* | |
hhvm | 4.98.0 | cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.1%