CVE-2016-6871
critical
CVSS v3
9.8
CVSS v2
7.5
VIR risk
9.8
Description
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2016/08/19/1
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2016/08/11/1
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| Facebook | hhvm | up to and including 3.14.5 | |
References
- http://www.openwall.com/lists/oss-security/2016/08/11/1
- http://www.openwall.com/lists/oss-security/2016/08/19/1
- https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
CWEs
CWE-190