Use-After-Free Vulnerability in HHVM by Facebook
CVE-2016-1000006

9.8CRITICAL

Key Information:

Vendor

Facebook

Status
Hhvm
Vendor
CVE Published:
19 November 2019

What is CVE-2016-1000006?

A significant issue exists in HHVM versions prior to 3.12.11, characterized by a use-after-free vulnerability within the serialize_memoize_param() and ResourceBundle::__construct() functions. This flaw may potentially lead to information disclosure or unexpected behavior, emphasizing the need for updates to safeguard against potential exploitation. Users are recommended to upgrade to a patched version to mitigate any associated risks.

References

https://security-tracker.debian.org/tracker/CVE-2016-1000006
x_refsource_MISC
https://www.mail-archive.com/debian-devel-changes%40lists...
x_refsource_MISC
https://people.canonical.com/~ubuntu-security/cve/2016/CV...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.