By the Year
In 2023 there have been 0 vulnerabilities in Facebook Folly. Folly did not have any published security vulnerabilities last year.
It may take a day or so for new Folly vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Facebook Folly Security Vulnerabilities
Passing an attacker controlled size when creating an IOBuf could cause integer overflow
9.8 - Critical
- July 23, 2021
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
Integer Overflow or Wraparound
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket
9.8 - Critical
- December 04, 2019
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called
7.5 - High
- December 31, 2018
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.