Fred Emmott

**Name of the Vulnerable Software and Affected Versions** HHVM versions 3.27.7 and below, 3.30.4, 4.0.3 **Description** The issue arises from insufficient boundary checks for the `strrpos` and `strripos` functions, allowing access to out-of-bounds memory. **Recommendations** For HHVM versions 3.27.7 and below, 3.30.4, 4.0.3, consider applying configuration changes or workarounds to restrict access to the `strrpos` and `strripos` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HHVM versions 3.30.1 and 3.27.5 and below Description: The issue arises from the function `number format` when its second argument (`$dec points`) is excessively large, leading to a heap overflow. This occurs because the internal implementation of `number format` creates a string with an invalid length, which can then interact poorly with other functions. Recommendations: For HHVM versions 3.30.1 and 3.27.5 and below, consider restricting the use of the `number format` function with large `$dec points` values until a patch is available. As a temporary workaround, limit the value of `$dec points` to prevent excessively large inputs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.25.1 HHVM versions prior to 3.24.5 HHVM versions prior to 3.21.9 **Description** The issue arises from multipart-file uploads improperly registering variables in the global scope. This can cause unexpected behavior when variables are used without explicit declaration. **Recommendations** For versions prior to 3.25.1, update to version 3.25.1 or later. For versions prior to 3.24.5, update to version 3.24.5 or later. For versions prior to 3.21.9, update to version 3.21.9 or later.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.26.3 folly library versions between v2017.12.11.00 and v2018.08.09.00 **Description** The issue is related to the `folly::secureRandom` function, which re-uses a buffer between parent and child processes when `fork()` is called. This results in multiple forked children producing repeat or similar results. **Recommendations** For HHVM versions prior to 3.26.3, update to version 3.26.3 or later. For folly library versions between v2017.12.11.00 and v2018.08.09.00, update to a version outside of this range.

**Name of the Vulnerable Software and Affected Versions** HHVM versions 3.30 and 3.27.4 and earlier **Description** The issue allows for an out-of-bounds read using the Memcache::getextendedstats function. To exploit this, an attacker would need control over memcached server hostnames and/or ports. **Recommendations** For HHVM versions 3.30 and 3.27.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.