CVE-2018-6337

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:facebook:folly:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-12-31 22:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-6337

Mitre link : CVE-2018-6337

CVE.ORG link : CVE-2018-6337


JSON object : View

Products Affected

facebook

  • folly
  • hhvm
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer