CVE-2019-3570

Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815	Patch Third Party Advisory
https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:facebook:hiphop_virtual_machine::::::::
	cpe:2.3:a:facebook:hiphop_virtual_machine::::::::
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.1.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.2.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.3.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.4.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.5.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.6.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.7.0:::::::*
	cpe:2.3:a:facebook:hiphop_virtual_machine:4.8.0:::::::*

History

No history.

Information

Published : 2019-07-18 16:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-3570

Mitre link : CVE-2019-3570

CVE.ORG link : CVE-2019-3570

JSON object : View

Products Affected

facebook

hiphop_virtual_machine

CWE

CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2019-3570", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-18T16:15:12.297", "references": [{"url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815", "tags": ["Patch", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."}, {"lang": "es", "value": "La llamada a la funci\u00f3n scrypt_enc () en HHVM puede provocar da\u00f1os en el mont\u00f3n mediante el uso de par\u00e1metros espec\u00edficamente dise\u00f1ados (N, r y p). Esto sucede si los par\u00e1metros son configurables por un atacante, por ejemplo, proporcionando la salida de scrypt_enc () en un contexto donde el c\u00f3digo Hack / PHP intentar\u00eda verificarlo volviendo a ejecutar scrypt_enc () con los mismos par\u00e1metros. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n, la sobrescritura de memoria o el bloqueo del proceso HHVM. Este problema afecta a las versiones 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versiones 3.30.5 y anteriores, y todas las versiones de las series 4.0, 4.1 y 4.2."}], "lastModified": "2020-10-16T15:14:37.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7300A72B-8FCE-4F1D-A52A-CEF086502729", "versionEndIncluding": "3.30.5"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13CFD992-D6E6-40E0-BD63-6782956332DE", "versionEndIncluding": "4.0.4", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7105CCC0-A141-4AE9-84C1-87582AA0E443"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E97B345E-5B33-4723-8A19-33B297FFB964"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BD9995D-6695-4EB5-B307-AD6B2002D918"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A26433-3B9D-4E38-AD43-5DF0D21BE6D2"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF29D566-16FE-4D0B-BA09-64C5323DABC6"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF05E05-0D7C-424F-8655-85926D14C6D8"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428F37ED-6B16-4A78-A7DC-01042F96C0D7"}, {"criteria": "cpe:2.3:a:facebook:hiphop_virtual_machine:4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "891439D0-5C5C-4DAE-ADD5-4541BE8056A7"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}