CVE-2019-3570 (GCVE-0-2019-3570)

Vulnerability from cvelistv5 – Published: 2019-07-18 15:42 – Updated: 2024-08-04 19:12
VLAI?
Summary
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
Severity ?
No CVSS data available.
CWE
  • CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
Impacted products
Vendor Product Version
Facebook HHVM Affected: 4.8.1
Affected: 4.8.0
Affected: 4.7.1
Affected: 4.7.0
Affected: 4.6.1
Affected: 4.6.0
Affected: 4.5.1
Affected: 4.5.0
Affected: 4.4.1
Affected: 4.4.0
Affected: 4.3.1
Affected: 4.0.0 , < unspecified (custom)
Affected: 3.30.6
Affected: unspecified , ≤ 3.30.5 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HHVM",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.8.0"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.1"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.4.0"
            },
            {
              "status": "affected",
              "version": "4.3.1"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "3.30.6"
            },
            {
              "lessThanOrEqual": "3.30.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2019-06-10T00:00:00",
      "datePublic": "2019-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-18T15:42:25",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2019-06-10",
          "ID": "CVE-2019-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HHVM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.8.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.8.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.7.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.7.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.6.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.6.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.5.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.4.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "4.3.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.0.0"
                          },
                          {
                            "version_affected": "!=\u003e",
                            "version_value": "3.30.6"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.30.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Facebook"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap-based Buffer Overflow (CWE-122)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815",
              "refsource": "CONFIRM",
              "url": "https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815"
            },
            {
              "name": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html",
              "refsource": "CONFIRM",
              "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2019-3570",
    "datePublished": "2019-07-18T15:42:25",
    "dateReserved": "2019-01-02T00:00:00",
    "dateUpdated": "2024-08-04T19:12:09.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.30.5\", \"matchCriteriaId\": \"7300A72B-8FCE-4F1D-A52A-CEF086502729\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndIncluding\": \"4.0.4\", \"matchCriteriaId\": \"13CFD992-D6E6-40E0-BD63-6782956332DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7105CCC0-A141-4AE9-84C1-87582AA0E443\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E97B345E-5B33-4723-8A19-33B297FFB964\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BD9995D-6695-4EB5-B307-AD6B2002D918\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03A26433-3B9D-4E38-AD43-5DF0D21BE6D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF29D566-16FE-4D0B-BA09-64C5323DABC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF05E05-0D7C-424F-8655-85926D14C6D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"428F37ED-6B16-4A78-A7DC-01042F96C0D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hiphop_virtual_machine:4.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"891439D0-5C5C-4DAE-ADD5-4541BE8056A7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.\"}, {\"lang\": \"es\", \"value\": \"La llamada a la funci\\u00f3n scrypt_enc () en HHVM puede provocar da\\u00f1os en el mont\\u00f3n mediante el uso de par\\u00e1metros espec\\u00edficamente dise\\u00f1ados (N, r y p). Esto sucede si los par\\u00e1metros son configurables por un atacante, por ejemplo, proporcionando la salida de scrypt_enc () en un contexto donde el c\\u00f3digo Hack / PHP intentar\\u00eda verificarlo volviendo a ejecutar scrypt_enc () con los mismos par\\u00e1metros. Esto podr\\u00eda dar lugar a la divulgaci\\u00f3n de informaci\\u00f3n, la sobrescritura de memoria o el bloqueo del proceso HHVM. Este problema afecta a las versiones 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versiones 3.30.5 y anteriores, y todas las versiones de las series 4.0, 4.1 y 4.2.\"}]",
      "id": "CVE-2019-3570",
      "lastModified": "2024-11-21T04:42:11.180",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-18T16:15:12.297",
      "references": "[{\"url\": \"https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815\", \"source\": \"cve-assign@fb.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html\", \"source\": \"cve-assign@fb.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve-assign@fb.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve-assign@fb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3570\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2019-07-18T16:15:12.297\",\"lastModified\":\"2024-11-21T04:42:11.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.\"},{\"lang\":\"es\",\"value\":\"La llamada a la funci\u00f3n scrypt_enc () en HHVM puede provocar da\u00f1os en el mont\u00f3n mediante el uso de par\u00e1metros espec\u00edficamente dise\u00f1ados (N, r y p). Esto sucede si los par\u00e1metros son configurables por un atacante, por ejemplo, proporcionando la salida de scrypt_enc () en un contexto donde el c\u00f3digo Hack / PHP intentar\u00eda verificarlo volviendo a ejecutar scrypt_enc () con los mismos par\u00e1metros. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n, la sobrescritura de memoria o el bloqueo del proceso HHVM. Este problema afecta a las versiones 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versiones 3.30.5 y anteriores, y todas las versiones de las series 4.0, 4.1 y 4.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.30.5\",\"matchCriteriaId\":\"7300A72B-8FCE-4F1D-A52A-CEF086502729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.4\",\"matchCriteriaId\":\"13CFD992-D6E6-40E0-BD63-6782956332DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7105CCC0-A141-4AE9-84C1-87582AA0E443\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E97B345E-5B33-4723-8A19-33B297FFB964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BD9995D-6695-4EB5-B307-AD6B2002D918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A26433-3B9D-4E38-AD43-5DF0D21BE6D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF29D566-16FE-4D0B-BA09-64C5323DABC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF05E05-0D7C-424F-8655-85926D14C6D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"428F37ED-6B16-4A78-A7DC-01042F96C0D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hiphop_virtual_machine:4.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891439D0-5C5C-4DAE-ADD5-4541BE8056A7\"}]}]}],\"references\":[{\"url\":\"https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/facebook/hhvm/commit/cc331e4349e91706a673e2a09f1f2ea5bbb33815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.