The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-28T15:00:00
Updated: 2024-08-06T12:10:12.215Z
Reserved: 2014-09-04T00:00:00
Link: CVE-2014-6229
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-28T15:59:04.143
Modified: 2024-11-21T02:13:59.330
Link: CVE-2014-6229
Redhat
No data.