CVE-2018-6334 is a vulnerability in Facebook Hhvm
Published on December 31, 2018
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
Vulnerability Analysis
CVE-2018-6334 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is a Variable overwrite Vulnerability?
The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite unintended variables.
CVE-2018-6334 has been classified to as a Variable overwrite vulnerability or weakness.
Products Associated with CVE-2018-6334
Want to know whenever a new CVE is published for Facebook Hhvm? stack.watch will email you.
Affected Versions
Facebook HHVM:- Version 3.25.2 is affected.
- Version 3.25.0 is affected.
- Version 3.24.6 is affected.
- Version 3.22.0 is affected.
- Version 3.21.10 is affected.
- Version unspecified and below 3.21.10 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.