oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Requests Facebook HHVM

From: cve-assign () mitre org
Date: Thu, 18 Aug 2016 20:18:41 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


-Fix out of bounds write access in
mb_detect_encoding, mb_send_mail, mb_detect_order.
https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2


Use CVE-2016-6870. The scope of this CVE is all of the incorrect uses
of strndup that were fixed in this commit. The commit message
references t11337047, which possibly is a bug that was discovered much
earlier. However, because we don't know of any earlier public
disclosure of t11337047, there isn't a separate CVE ID for t11337047.



-Fix buffer overrun due to integer overflow in bcmath
https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475


Use CVE-2016-6871.



-Fix integer overflow in StringUtil::implode
https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271


Use CVE-2016-6872.



-Fix self recursion in compact
https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e


Use CVE-2016-6873.



-Fix recursion checks in array_*_recursive
https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69


Use CVE-2016-6874.



-Fix infinite recursion in wddx
https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2


Use CVE-2016-6875.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXtk/uAAoJEHb/MwWLVhi2OFwP/Aig7rJ2rCVEyv+/KwDJBC+a
ufukAbNgsFbzHChTJxntRrWS3PJt7DKkZ4a2wlPzdUd4rQKGFObmMMm4OIWw2xaj
TiBngAelDRJNDNP/ZmkEySj9RGS33UMg+6QnI5pOFI3r7uXIqBau+cjIyq3diqUC
NFlaiFy2TcIb82bYRET3r4SIk8019uaP2rfN5CDLKuNPpYIM3d/Xo0490MwufTHh
QyTiFtFDwsZdtCQz5wFR949Lt+B6rEFdhzYDaqjJr9We6POxvy799/8LUI2UGtwN
P6UiCzS1o/ybx6QCh+Lx7wDNBuT/3t0aeFhWx1FJuFodtF9yiILMxD4BpaARlnva
4Nv/+TNhCmcGGLyE3wCrcAVeCX/QcsAaM9fXYVGy2SuqRmljW7sQIhpkaCIzQCwq
EEGCZMeqPBZ1pMlIJgKmWa0PvKfkv0nDtNhQqNN57hS3YcePE8rShO7+/HYRQaYL
zMe8u6OWVZr432Iwcia1Zjxnmi6ix1g3Ua8gz8oWAGrvw5/6T0gEzRyz+OB79+y+
3OKeE/GDQA/aVRutZciQrrHT30uzkgwtoAQdafur5Cna0cEqRQnclcwFxUfPdpr4
qJJFWH2vmPncge0xx2auUaDv8+7OBOonUvlmEWIfowSdg66D0Qm6EyqN6UNZqm5a
tVSy0zt3nnIATS36SGDd
=tBiw
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: