Every CVE whose affected-product data names Facebook Hhvm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2022-36937 — CVSS 9.8 (critical): HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has…
CVE-2016-1000005 — CVSS 9.8 (critical): mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data…
CVE-2016-1000006 — CVSS 9.8 (critical): hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
CVE-2018-6345 — CVSS 9.8 (critical): The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal…
CVE-2019-11925 — CVSS 9.8 (critical): Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via…
CVE-2019-11926 — CVSS 9.8 (critical): Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds…
CVE-2019-11929 — CVSS 9.8 (critical): Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading…
CVE-2019-11930 — CVSS 9.8 (critical): An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects…
CVE-2019-11935 — CVSS 9.8 (critical): Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM…
CVE-2019-11936 — CVSS 9.8 (critical): Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM…
CVE-2019-3557 — CVSS 9.8 (critical): The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This…
CVE-2019-3561 — CVSS 9.8 (critical): Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported…
CVE-2020-1900 — CVSS 9.8 (critical): When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting…
CVE-2020-1916 — CVSS 9.8 (critical): An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an…
CVE-2020-1917 — CVSS 9.8 (critical): xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not…
CVE-2021-24025 — CVSS 9.8 (critical): Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an…
CVE-2021-24036 — CVSS 9.8 (critical): Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with…
CVE-2016-1000004 — CVSS 9.8 (critical): Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue…
CVE-2016-6870 — CVSS 9.8 (critical): Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0…
CVE-2016-6871 — CVSS 9.8 (critical): Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a…
CVE-2016-6872 — CVSS 9.8 (critical): Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2016-6873 — CVSS 9.8 (critical): Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2016-6874 — CVSS 9.8 (critical): The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to…
CVE-2016-6875 — CVSS 9.8 (critical): Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2018-6334 — CVSS 9.8 (critical): Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly…
CVE-2019-3556 — CVSS 8.1 (high): HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache…
CVE-2018-6340 — CVSS 8.1 (high): The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached…
CVE-2020-1892 — CVSS 8.1 (high): Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to…
CVE-2020-1899 — CVSS 7.5 (high): The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed…
CVE-2020-1918 — CVSS 7.5 (high): In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory…
CVE-2020-1919 — CVSS 7.5 (high): Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer…
CVE-2020-1921 — CVSS 7.5 (high): In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within…
CVE-2018-6335 — CVSS 7.5 (high): A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service…
CVE-2018-6337 — CVSS 7.5 (high): folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked…
CVE-2020-1888 — CVSS 7.5 (high): Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue…
CVE-2019-3569 — CVSS 7.5 (high): HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual…
CVE-2020-1893 — CVSS 7.5 (high): Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM…
CVE-2020-1898 — CVSS 7.5 (high): The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could…
CVE-2018-6332 — CVSS 5.9 (medium): A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate…
CVE-2016-1000109 — CVSS 5.3 (medium): HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the…