ByteOS Network

NVD Vulnerability Details :

CVE-2014-6229

Deferred

Source-cve@mitre.org

Published At-28 Dec, 2014 | 15:59

Updated At-12 Apr, 2025 | 10:46

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Facebook

>>hiphop_virtual_machine>>Versions up to 3.2.0(inclusive)

cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://hhvm.com/blog/6239/hhvm-3-3-0	cve@mitre.org	Vendor Advisory
https://github.com/facebook/hhvm/commit/7135ec229882370a00411aa50030eada6034cc1b	cve@mitre.org	N/A
http://hhvm.com/blog/6239/hhvm-3-3-0	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://github.com/facebook/hhvm/commit/7135ec229882370a00411aa50030eada6034cc1b	af854a3a-2127-422b-91ae-364da2661108	N/A