CVE-2016-1000005

{"id": "CVE-2016-1000005", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-19T13:15:10.837", "references": [{"url": "https://github.com/facebook/hhvm/commit/39e7e177473350b3a5c34e8824af3b98e25efa89", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.facebook.com/security/advisories/cve-2016-1000005", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/facebook/hhvm/commit/39e7e177473350b3a5c34e8824af3b98e25efa89", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.facebook.com/security/advisories/cve-2016-1000005", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "mcrypt_get_block_size did not enforce that the provided \"module\" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive)."}, {"lang": "es", "value": "La funci\u00f3n mcrypt_get_block_size no aplicaba que el par\u00e1metro \"module\" provisto era una cadena, conllevando a una confusi\u00f3n de tipo si otros tipos de datos fueron pasados. Este problema afecta a HHVM versiones anteriores a 3.9.5, todas las versiones entre 3.10.0 y 3.12.3 (inclusive), y todas las versiones entre 3.13.0 y 3.14.1 (inclusive)."}], "lastModified": "2024-11-21T02:42:50.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E30D34-CAAC-49B1-96A0-57DCFC1D06FD", "versionEndExcluding": "3.9.5"}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38334FB4-2311-4E24-B1A8-A667A2DC7121", "versionEndIncluding": "3.12.3", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C0B828B-409C-4F67-82CD-FBE17BB084C0", "versionEndIncluding": "3.14.1", "versionStartIncluding": "3.13.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}