| Vulnerability Name: | CVE-2016-6870 (CCN-123279) | ||||||||||||||||||||||||
| Assigned: | 2016-08-11 | ||||||||||||||||||||||||
| Published: | 2016-08-11 | ||||||||||||||||||||||||
| Updated: | 2017-02-22 | ||||||||||||||||||||||||
| Summary: | Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-787 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Other | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-6870 Source: CCN Type: oss-sec Mailing List, Thu, 11 Aug 2016 12:49:25 +0200 CVE Requests Facebook HHVM Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20160811 CVE Requests Facebook HHVM Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20160818 Re: CVE Requests Facebook HHVM Source: XF Type: UNKNOWN hhvm-cve20166870-unspecified(123279) Source: CCN Type: Facebook GIT Repository Use req::strndup in php_mb_parse_encoding_list to prevent oob memory Source: CONFIRM Type: Patch, Vendor Advisory https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2 Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-6870 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||