PT-2018-17487 · Facebook · Hhvm+1
Fred Emmott
·
Published
2018-12-31
·
Updated
2025-05-06
·
CVE-2018-6337
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
HHVM versions prior to 3.26.3
folly library versions between v2017.12.11.00 and v2018.08.09.00
Description
The issue is related to the
folly::secureRandom function, which re-uses a buffer between parent and child processes when fork() is called. This results in multiple forked children producing repeat or similar results.Recommendations
For HHVM versions prior to 3.26.3, update to version 3.26.3 or later.
For folly library versions between v2017.12.11.00 and v2018.08.09.00, update to a version outside of this range.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hhvm
Folly