CVE-2018-6337

Name of the Vulnerable Software and Affected Versions HHVM versions prior to 3.26.3 folly library versions between v2017.12.11.00 and v2018.08.09.00

Description The issue is related to the folly::secureRandom function, which re-uses a buffer between parent and child processes when fork() is called. This results in multiple forked children producing repeat or similar results.

Recommendations For HHVM versions prior to 3.26.3, update to version 3.26.3 or later. For folly library versions between v2017.12.11.00 and v2018.08.09.00, update to a version outside of this range.