CVE-2014-5386

{"id": "CVE-2014-5386", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-28T15:59:02.237", "references": [{"url": "https://github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e", "source": "cve@mitre.org"}, {"url": "https://github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector."}, {"lang": "es", "value": "La funci\u00f3n mcrypt_create_iv en hphp/runtime/ext/mcrypt/ext_mcrypt.cpp en Facebook HipHop Virtual Machine (HHVM) anterior a 3.3.0 no inicializa el generador de n\u00fameros aleatorios, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes derrotar los mecanismos de protecci\u00f3n criptogr\u00e1ficos mediante el aprovechamiento del uso de \u00fanico vector de inicializaci\u00f3n"}], "lastModified": "2024-11-21T02:11:57.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE107144-D4DA-4D06-949D-7A2759421B74", "versionEndIncluding": "3.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}