CVE-2014-6229 — MEDIUM (5.0)

Q: How severe is CVE-2014-6229?

CVE-2014-6229 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-6229?

Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hiphop Virtual Machine.

Vulnerability Description

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Facebook	Hiphop Virtual Machine	<= 3.2.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2014-6229?

CVE-2014-6229 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remo...

How severe is CVE-2014-6229?

CVE-2014-6229 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-6229?

Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hiphop Virtual Machine.