CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority metadata. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.

• https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
• https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).

• https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
• https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
• CWE-20: Improper Input Validation
• CWE-621: Variable Extraction Error

CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

A potential denial-of-service issue exists in the Proxygen handling of invalid HTTP2 settings, which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.

• https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
• CWE-19: Data Processing Errors
• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.

• http://www.openwall.com/lists/oss-security/2016/08/11/1
• http://www.openwall.com/lists/oss-security/2016/08/19/1
• https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
• CWE-190: Integer Overflow or Wraparound

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

• http://www.openwall.com/lists/oss-security/2016/08/11/1
• http://www.openwall.com/lists/oss-security/2016/08/19/1
• https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
• CWE-787: Out-of-bounds Write