Vulnerability Details CVE-2014-5386
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2014-5386
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.2.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.1
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.2
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.3
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.4.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.4.1
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.4.2
-
cpe:2.3:a:facebook:hiphop_virtual_machine:3.0.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:3.0.1
-
cpe:2.3:a:facebook:hiphop_virtual_machine:3.1.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:3.2.0