CVE-2014-6229

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
Configurations

Configuration 1 (hide)

cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-12-28 15:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-6229

Mitre link : CVE-2014-6229

CVE.ORG link : CVE-2014-6229


JSON object : View

Products Affected

facebook

  • hiphop_virtual_machine
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor