CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-36937
https://notcve.org/view.php?id=CVE-2022-36937
10 May 2023 — HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. • https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2021-24036
https://notcve.org/view.php?id=CVE-2021-24036
23 Jul 2021 — Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. Pasar un tamaño controlado por un atacante al crear un IOBuf podr... • https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •