CVE-2018-6345 (GCVE-0-2018-6345)

Vulnerability from cvelistv5 – Published: 2019-01-15 22:00 – Updated: 2024-08-05 06:01
VLAI
Summary
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).
Severity
No CVSS data available.
CWE
  • CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
Impacted products
Vendor Product Version
Facebook HHVM Affected: 3.30.2
Affected: 3.30.0 , < unspecified (custom)
Affected: 3.27.6
Affected: unspecified , < 3.27.6 (custom)
Create a notification for this product.
Date Public
2019-01-15 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:48.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HHVM",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "3.30.2"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "3.30.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "3.27.6"
            },
            {
              "lessThan": "3.27.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2018-12-11T00:00:00.000Z",
      "datePublic": "2019-01-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-15T21:57:01.000Z",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2018-12-11",
          "ID": "CVE-2018-6345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HHVM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "3.30.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "3.30.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "3.27.6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.27.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Facebook"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap-based Buffer Overflow (CWE-122)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3",
              "refsource": "MISC",
              "url": "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3"
            },
            {
              "name": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html",
              "refsource": "MISC",
              "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2018-6345",
    "datePublished": "2019-01-15T22:00:00.000Z",
    "dateReserved": "2018-01-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T06:01:48.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-6345",
      "date": "2026-05-29",
      "epss": "0.00922",
      "percentile": "0.76322"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-6345\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2019-01-15T22:29:00.250\",\"lastModified\":\"2024-11-21T04:10:31.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n number_format es vulnerable a un problema de desbordamiento de memoria din\u00e1mica (heap) cuando su segundo argumento ($dec_points) es excesivamente largo. La implementaci\u00f3n interna de la funci\u00f3n provocar\u00e1 que se cree una cadena con una longitud inv\u00e1lida, que puede interactuar pobremente con otras funciones. Esto afecta a todas las versiones soportadas de HVVM (en versiones anteriores a las 3.30.1 y 3.27.5).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.27.5\",\"matchCriteriaId\":\"F9172D83-BE0C-48DB-8042-626E37EA41C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.28.0\",\"versionEndIncluding\":\"3.30.1\",\"matchCriteriaId\":\"EFB32970-5BE0-4FBE-AD2D-D06C96FDCFCB\"}]}]}],\"references\":[{\"url\":\"https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.