VulnerableCode Package Details - pkg:deb/ubuntu/hhvm@3.2.0%2Bdfsg1-2

Search for packages

Package details: pkg:deb/ubuntu/hhvm@3.2.0%2Bdfsg1-2

Essentials
History (0)

purl	pkg:deb/ubuntu/hhvm@3.2.0%2Bdfsg1-2

Next non-vulnerable version	3.12.11+dfsg-1build1
Latest non-vulnerable version	3.12.11+dfsg-1build1
Risk	4.4

Vulnerabilities affecting this package (14)

Vulnerability	Summary	Fixed by
VCID-2kms-au22-aaap Aliases: CVE-2014-9767	CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-2pp9-5w36-aaag Aliases: CVE-2016-1000109	HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-41cq-ax36-aaap Aliases: CVE-2016-6872	Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-44sp-vxb7-aaar Aliases: CVE-2016-6873	Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-7pxm-d6cs-aaaf Aliases: CVE-2016-1000006	hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-7ube-41ft-aaaq Aliases: CVE-2016-6874	The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-9e3n-37te-aaaf Aliases: CVE-2016-1552	[Unknown description]	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-efa3-fgp4-aaab Aliases: CVE-2016-1000005	mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-fpwr-xknt-aaar Aliases: CVE-2015-3413		3.11.0+dfsg-1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fz9a-b2v4-aaac Aliases: CVE-2016-6875	Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-mg8k-gw3b-aaae Aliases: CVE-2016-6871	Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-nk4z-hdr2-aaae Aliases: CVE-2016-1000004	Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-s7ta-xm41-aaaj Aliases: CVE-2016-6870	Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.
VCID-svn2-nywv-aaac Aliases: CVE-2016-6288	CVE-2016-6288 php: Buffer over-read in php_url_parse_ex	3.12.11+dfsg-1build1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version