ID

VAR-201812-0586


CVE

CVE-2018-6334


TITLE

HHVM Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014115

DESCRIPTION

Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). HHVM contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP when loading dynamic pages. There are security vulnerabilities in Facebook HHVM 3.25.1 and earlier, 3.24.5 and earlier, and 3.21.9 and earlier. No detailed vulnerability details are provided at this time.

Trust: 2.16

sources: NVD: CVE-2018-6334 // JVNDB: JVNDB-2018-014115 // CNVD: CNVD-2019-37158

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-37158

AFFECTED PRODUCTS

vendor: facebook model: hhvm scope: lte version: 3.21.9

Trust: 1.0

vendor: facebook model: hhvm scope: gte version: 3.21.10

Trust: 1.0

vendor: facebook model: hhvm scope: lte version: 3.24.5

Trust: 1.0

vendor: facebook model: hhvm scope: gte version: 3.24.6

Trust: 1.0

vendor: facebook model: hhvm scope: lte version: 3.25.1

Trust: 1.0

vendor: facebook model: hiphop virtual machine scope: - version: -

Trust: 0.8

vendor: facebook model: hhvm scope: lte version: <=3.21.9

Trust: 0.6

vendor: facebook model: hhvm scope: lte version: <=3.24.5

Trust: 0.6

vendor: facebook model: hhvm scope: lte version: <=3.25.1

Trust: 0.6

sources: CNVD: CNVD-2019-37158 // JVNDB: JVNDB-2018-014115 // NVD: CVE-2018-6334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6334
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2018-6334
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-6334
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-37158
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201812-1311
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-6334
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-37158
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-6334
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2018-6334
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-37158 // JVNDB: JVNDB-2018-014115 // CNNVD: CNNVD-201812-1311 // NVD: CVE-2018-6334 // NVD: CVE-2018-6334

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-621

Trust: 1.0

sources: JVNDB: JVNDB-2018-014115 // NVD: CVE-2018-6334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1311

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201812-1311

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014115

PATCH

title: HHVM 3.25.2, HHVM 3.24.6, and 3.21.10 (CVE-2018-6334) url: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html

Trust: 0.8

title: [security][CVE-2018-6334] kill globals for file uploads in hhvm url: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff

Trust: 0.8

title: Patch for Unknown vulnerability in Facebook HHVM url: https://www.cnvd.org.cn/patchInfo/show/186951

Trust: 0.6

title: Facebook HHVM Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88233

Trust: 0.6

sources: CNVD: CNVD-2019-37158 // JVNDB: JVNDB-2018-014115 // CNNVD: CNNVD-201812-1311

EXTERNAL IDS

db: NVD id: CVE-2018-6334

Trust: 3.0

db: JVNDB id: JVNDB-2018-014115

Trust: 0.8

db: CNVD id: CNVD-2019-37158

Trust: 0.6

db: CNNVD id: CNNVD-201812-1311

Trust: 0.6

sources: CNVD: CNVD-2019-37158 // JVNDB: JVNDB-2018-014115 // CNNVD: CNNVD-201812-1311 // NVD: CVE-2018-6334

REFERENCES

url: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html

Trust: 2.2

url: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6334

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-6334

Trust: 0.8

sources: CNVD: CNVD-2019-37158 // JVNDB: JVNDB-2018-014115 // CNNVD: CNNVD-201812-1311 // NVD: CVE-2018-6334

SOURCES

db: CNVD id: CNVD-2019-37158
db: JVNDB id: JVNDB-2018-014115
db: CNNVD id: CNNVD-201812-1311
db: NVD id: CVE-2018-6334

LAST UPDATE DATE

2025-05-07T22:53:42.273000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2019-37158 date: 2019-10-25T00:00:00
db: JVNDB id: JVNDB-2018-014115 date: 2019-03-12T00:00:00
db: CNNVD id: CNNVD-201812-1311 date: 2019-10-17T00:00:00
db: NVD id: CVE-2018-6334 date: 2025-05-06T17:15:50.730

SOURCES RELEASE DATE

db: CNVD id: CNVD-2019-37158 date: 2019-10-24T00:00:00
db: JVNDB id: JVNDB-2018-014115 date: 2019-03-12T00:00:00
db: CNNVD id: CNNVD-201812-1311 date: 2019-01-02T00:00:00
db: NVD id: CVE-2018-6334 date: 2018-12-31T19:29:00.323