TLS 1.0 Vulnerability in HHVM by Facebook
CVE-2022-36937
9.8CRITICAL
What is CVE-2022-36937?
HHVM versions prior to 4.173.0 use TLS 1.0 for secure connections when processing tls:// URLs, a protocol with known vulnerabilities and now deprecated. This exposes applications that utilize stream_socket_server or stream_socket_client functions to potential security risks. To mitigate these vulnerabilities, users are strongly advised to upgrade to HHVM versions that implement TLS 1.3, which offers enhanced security when handling secure connections.
Affected Version(s)
HHVM 4.172.0 < 4.172.1
HHVM 4.171.0 < 4.171.1
HHVM 4.170.0 < 4.170.2