Facebook Hiphop Virtual Machine
By the Year
In 2023 there have been 0 vulnerabilities in Facebook Hiphop Virtual Machine . Hiphop Virtual Machine did not have any published security vulnerabilities last year.
It may take a day or so for new Hiphop Virtual Machine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Facebook Hiphop Virtual Machine Security Vulnerabilities
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p)
9.8 - Critical
- July 18, 2019
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Facebook Hiphop Virtual Machine or by Facebook? Click the Watch button to subscribe.