Vulnerabilities > Facebook > Hiphop Virtual Machine > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-18 | CVE-2019-3570 | Out-of-bounds Write vulnerability in Facebook Hiphop Virtual Machine Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). | 7.5 |
2014-12-28 | CVE-2014-6228 | Numeric Errors vulnerability in Facebook Hiphop Virtual Machine Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. | 7.5 |
2014-12-28 | CVE-2014-2208 | Code Injection vulnerability in Facebook Hiphop Virtual Machine CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | 7.5 |