CVE-2018-6337

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:facebook:folly:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:10

Type Values Removed Values Added
References () https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f - Patch, Third Party Advisory () https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f - Patch, Third Party Advisory
References () https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8 - Patch, Third Party Advisory () https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8 - Patch, Third Party Advisory
References () https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html - Release Notes, Vendor Advisory () https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html - Release Notes, Vendor Advisory

Information

Published : 2018-12-31 22:29

Updated : 2024-11-21 04:10


NVD link : CVE-2018-6337

Mitre link : CVE-2018-6337

CVE.ORG link : CVE-2018-6337


JSON object : View

Products Affected

facebook

  • folly
  • hhvm
CWE
CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer