CVE-2019-3570 (GCVE-0-2019-3570)
Vulnerability from cvelistv5
Published
2019-07-18 15:42
Modified
2024-08-04 19:12
Severity ?
CWE
  • CWE-122 - Heap-based Buffer Overflow ()
Summary
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
References
Impacted products
Vendor Product Version
Facebook HHVM Version: 4.8.1
Version: 4.8.0
Version: 4.7.1
Version: 4.7.0
Version: 4.6.1
Version: 4.6.0
Version: 4.5.1
Version: 4.5.0
Version: 4.4.1
Version: 4.4.0
Version: 4.3.1
Version: 4.0.0   < unspecified
Version: 3.30.6
Version: unspecified   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HHVM",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.8.0"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.1"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.4.0"
            },
            {
              "status": "affected",
              "version": "4.3.1"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "3.30.6"
            },
            {
              "lessThanOrEqual": "3.30.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-06-10T00:00:00",
      "datePublic": "2019-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-18T15:42:25",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2019-06-10",
          "ID": "CVE-2019-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HHVM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.8.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.8.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.7.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.7.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.6.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.6.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.5.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.4.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.3.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.0.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "3.30.6"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.30.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Facebook"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap-based Buffer Overflow (CWE-122)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815",
              "refsource": "CONFIRM",
              "url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815"
            },
            {
              "name": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html",
              "refsource": "CONFIRM",
              "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2019-3570",
    "datePublished": "2019-07-18T15:42:25",
    "dateReserved": "2019-01-02T00:00:00",
    "dateUpdated": "2024-08-04T19:12:09.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3570\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2019-07-18T16:15:12.297\",\"lastModified\":\"2024-11-21T04:42:11.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.\"},{\"lang\":\"es\",\"value\":\"La llamada a la funci\u00f3n scrypt_enc () en HHVM puede provocar da\u00f1os en el mont\u00f3n mediante el uso de par\u00e1metros espec\u00edficamente dise\u00f1ados (N, r y p). Esto sucede si los par\u00e1metros son configurables por un atacante, por ejemplo, proporcionando la salida de scrypt_enc () en un contexto donde el c\u00f3digo Hack / PHP intentar\u00eda verificarlo volviendo a ejecutar scrypt_enc () con los mismos par\u00e1metros. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n, la sobrescritura de memoria o el bloqueo del proceso HHVM. Este problema afecta a las versiones 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versiones 3.30.5 y anteriores, y todas las versiones de las series 4.0, 4.1 y 4.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.30.5\",\"matchCriteriaId\":\"7300A72B-8FCE-4F1D-A52A-CEF086502729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.4\",\"matchCriteriaId\":\"13CFD992-D6E6-40E0-BD63-6782956332DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7105CCC0-A141-4AE9-84C1-87582AA0E443\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E97B345E-5B33-4723-8A19-33B297FFB964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BD9995D-6695-4EB5-B307-AD6B2002D918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A26433-3B9D-4E38-AD43-5DF0D21BE6D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF29D566-16FE-4D0B-BA09-64C5323DABC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF05E05-0D7C-424F-8655-85926D14C6D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"428F37ED-6B16-4A78-A7DC-01042F96C0D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891439D0-5C5C-4DAE-ADD5-4541BE8056A7\"}]}]}],\"references\":[{\"url\":\"https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.