3 matches found
CVE-2021-24036
CVE-2021-24036 affects folly and HHVM: a vulnerability in IOBuf handling where passing an attacker-controlled size can trigger an integer overflow, causing an out-of-bounds heap write and potential remote code execution. Affected are folly versions prior to 2021.07.22.00 and HHVM versions prior t...
CVE-2019-11934
The CVE concerns the Folly library’s AsyncSSLSocket. The issue is an improper handling of close_notify alerts that can cause an out-of-bounds read, affecting Folly prior to v2019.11.04.00. Reported as a Denial of Service risk due to the out-of-bounds read, with Red Hat/Veracode descriptions align...
CVE-2018-6337
The CVE-2018-6337 issue affects HHVM and the folly library, caused by folly::secureRandom re-using a buffer between parent and child processes after fork(). This can lead to repeated or correlated random outcomes across multiple forked children. Affected products/versions: HHVM prior to 3.26.3; f...