The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) prior to 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote malicious users to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote malicious users to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
facebook hiphop virtual machine |