Vulnerability Details CVE-2018-6337
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 75.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f
- https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
- https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
- https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f
- https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
- https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
Products affected by CVE-2018-6337
-
cpe:2.3:a:facebook:folly:2017.12.11.00
-
cpe:2.3:a:facebook:folly:2017.12.18.00
-
cpe:2.3:a:facebook:folly:2017.12.25.00
-
cpe:2.3:a:facebook:folly:2018.01.01.00
-
cpe:2.3:a:facebook:folly:2018.01.08.00
-
cpe:2.3:a:facebook:folly:2018.01.15.00
-
cpe:2.3:a:facebook:folly:2018.01.22.00
-
cpe:2.3:a:facebook:folly:2018.01.29.00
-
cpe:2.3:a:facebook:folly:2018.02.05.00
-
cpe:2.3:a:facebook:folly:2018.02.12.00
-
cpe:2.3:a:facebook:folly:2018.02.19.00
-
cpe:2.3:a:facebook:folly:2018.02.26.00
-
cpe:2.3:a:facebook:folly:2018.03.05.00
-
cpe:2.3:a:facebook:folly:2018.03.12.00
-
cpe:2.3:a:facebook:folly:2018.03.19.00
-
cpe:2.3:a:facebook:folly:2018.03.26.00
-
cpe:2.3:a:facebook:folly:2018.04.02.00
-
cpe:2.3:a:facebook:folly:2018.04.09.00
-
cpe:2.3:a:facebook:folly:2018.04.16.00
-
cpe:2.3:a:facebook:folly:2018.04.23.00
-
cpe:2.3:a:facebook:folly:2018.04.30.00
-
cpe:2.3:a:facebook:folly:2018.05.07.00
-
cpe:2.3:a:facebook:folly:2018.05.14.00
-
cpe:2.3:a:facebook:folly:2018.05.21.00
-
cpe:2.3:a:facebook:folly:2018.05.28.00
-
cpe:2.3:a:facebook:folly:2018.06.04.00
-
cpe:2.3:a:facebook:folly:2018.06.11.00
-
cpe:2.3:a:facebook:folly:2018.06.18.00
-
cpe:2.3:a:facebook:folly:2018.06.25.00
-
cpe:2.3:a:facebook:folly:2018.07.02.00
-
cpe:2.3:a:facebook:folly:2018.07.09.00
-
cpe:2.3:a:facebook:folly:2018.07.16.00
-
cpe:2.3:a:facebook:folly:2018.07.23.00
-
cpe:2.3:a:facebook:folly:2018.07.30.00
-
cpe:2.3:a:facebook:folly:2018.08.06.00
-
cpe:2.3:a:facebook:folly:2018.08.09.00
-
cpe:2.3:a:facebook:hhvm:3.26.0
-
cpe:2.3:a:facebook:hhvm:3.26.1
-
cpe:2.3:a:facebook:hhvm:3.26.2