HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFacebook Hhvm
APPFacebook4.171.04.172.0< 4.153.44.154.0 – 4.168.2 (bez)4.169.0 – 4.169.2 (bez)4.170.0 – 4.170.2 (bez)
Powiązane podatności
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of ...
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic pr...
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the f...
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed ...
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the gener...