CVE-2014-6229

Name of the Vulnerable Software and Affected Versions HHVM versions prior to 3.3.0

Description The issue allows remote attackers to obtain sensitive information by leveraging read access beyond the end of a certain key string. This is due to the HashContext class in hphp/runtime/ext/ext hash.cpp incorrectly expecting that the key string uses '0' for termination. Additionally, it makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '0' character.

Recommendations For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.