CVE-2016-1000005

Priority
Description
mcrypt_get_block_size did not enforce that the provided "module" parameter
was a string, leading to type confusion if other types of data were passed
in. This issue affects HHVM versions prior to 3.9.5, all versions between
3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1
(inclusive).
Notes
Package
Source: hhvm (LP Ubuntu Debian)
Upstream:released (3.12.11+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.12.11+dfsg-1build1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2020-04-24 03:20:00 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)