Candidate: CVE-2016-1000005
PublicDate: 2020-02-19 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000005
Description:
 mcrypt_get_block_size did not enforce that the provided "module" parameter
 was a string, leading to type confusion if other types of data were passed
 in. This issue affects HHVM versions prior to 3.9.5, all versions between
 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1
 (inclusive).
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_hhvm:
upstream_hhvm: released (3.12.11+dfsg-1)
precise_hhvm: DNE
precise/esm_hhvm: DNE
trusty_hhvm: DNE
trusty/esm_hhvm: DNE
vivid/stable-phone-overlay_hhvm: DNE
vivid/ubuntu-core_hhvm: DNE
xenial_hhvm: ignored (end of standard support, was needs-triage)
yakkety_hhvm: DNE
zesty_hhvm: not-affected (3.12.11+dfsg-1build1)
artful_hhvm: not-affected (3.12.11+dfsg-1build1)
bionic_hhvm: not-affected (3.12.11+dfsg-1build1)
cosmic_hhvm: DNE
disco_hhvm: DNE
eoan_hhvm: DNE
focal_hhvm: DNE
groovy_hhvm: DNE
hirsute_hhvm: DNE
impish_hhvm: DNE
jammy_hhvm: DNE
devel_hhvm: DNE