2 matches found
CVE-2019-3570
Call to the scryptenc function in HHVM can lead to heap corruption by using specifically crafted parameters N, r and p. This happens if the parameters are configurable by an attacker for instance by providing the output of scryptenc in a context where Hack/PHP code would attempt to verify it by...
CVE-2019-3570
CVE-2019-3570 affects Facebook HHVM: call to scrypt_enc() can trigger heap corruption when attacker-controlled N, r, p parameters are used in contexts where the output is re-verified with the same parameters. Impacted versions include 4.3.0–4.8.0, 3.30.5 and earlier, and all of 4.0, 4.1, and 4.2 ...