Use-After-Free Vulnerability in HHVM by Facebook
CVE-2016-1000006

9.8CRITICAL

Key Information:

Vendor

Facebook

Status
Vendor
CVE Published:
19 November 2019

What is CVE-2016-1000006?

A significant issue exists in HHVM versions prior to 3.12.11, characterized by a use-after-free vulnerability within the serialize_memoize_param() and ResourceBundle::__construct() functions. This flaw may potentially lead to information disclosure or unexpected behavior, emphasizing the need for updates to safeguard against potential exploitation. Users are recommended to upgrade to a patched version to mitigate any associated risks.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.