2 matches found
CVE-2019-3570
Call to the scryptenc function in HHVM can lead to heap corruption by using specifically crafted parameters N, r and p. This happens if the parameters are configurable by an attacker for instance by providing the output of scryptenc in a context where Hack/PHP code would attempt to verify it by...
Information disclosure
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versio...