← Back to CVEs

CVE-2018-6337

HIGH

7.5

Description

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/31/2018

Last Modified5/6/2025

Sourcenvd

Honeypot Sightings0

Affected Products

facebook:follyfacebook:hhvm

Weaknesses (CWE)

CWE-212CWE-119

References

https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f(cve-assign@fb.com)

https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8(cve-assign@fb.com)

https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html(cve-assign@fb.com)

https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8(af854a3a-2127-422b-91ae-364da2661108)

https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.