CRITICAL🇬🇧 English

CVE-2018-6334

CVSS 9.8v3.1pub. 2018-12-31upd. 2025-05-06

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Facebook Hhvm

    APP
    Facebook
    ≤ 3.21.93.21.10 – 3.24.53.24.6 – 3.25.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-36937CRITICAL9.8ten sam produkt

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream...

CVE-2021-24036CRITICAL9.8ten sam produkt

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of ...

CVE-2020-1900CRITICAL9.8ten sam produkt

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic pr...

CVE-2021-24025CRITICAL9.8ten sam produkt

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the f...

CVE-2020-1916CRITICAL9.8ten sam produkt

An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed ...