PatchSiren

Facebook CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Facebook CVE published 2017-02-17

CVE-2016-6875

CVE-2016-6875 is a critical vulnerability in Facebook HHVM’s WDDX handling. The public record describes an infinite recursion condition in wddx that could let an attacker cause unspecified impact through unknown vectors. NVD rates the issue 9.8/CRITICAL with a network-reachable attack profile and no privileges or user interaction required. The affected range listed by NVD extends through HHVM 3.14.5, whil [truncated]

CRITICAL Facebook CVE published 2017-02-17

CVE-2016-6874

CVE-2016-6874 is a critical vulnerability in Facebook HHVM affecting the array_*_recursive functions. The official record and NVD identify HHVM versions up to 3.14.5 as vulnerable, with the issue fixed in 3.15.0. NVD scores the flaw 9.8/CRITICAL and describes the attack surface as network-reachable with no user interaction or privileges required. Because the published description only says the impact is u [truncated]

CRITICAL Facebook CVE published 2017-02-17

CVE-2016-6873

CVE-2016-6873 affects Facebook HHVM before 3.15.0. The public description says self-recursion in compact can be triggered with unspecified impact via unknown vectors. NVD assigns a critical 9.8 score and lists conditions that do not require privileges or user interaction, so exposed HHVM deployments should be treated as urgent patch candidates. Public references in oss-security appeared in August 2016, an [truncated]

CRITICAL Facebook CVE published 2017-02-17

CVE-2016-6872

CVE-2016-6872 describes an integer overflow in Facebook HHVM’s StringUtil::implode. The public record ties the issue to HHVM versions before 3.15.0, with NVD marking versions through 3.14.5 as vulnerable. Although the short description says the impact is unspecified, NVD assigns a CVSS 3.0 score of 9.8 (Critical), indicating potentially severe consequences if the flaw is reachable.

CRITICAL Facebook CVE published 2017-02-17

CVE-2016-6871

CVE-2016-6871 is a critical issue in Facebook HHVM’s bcmath component. The NVD description says an integer overflow in HHVM before 3.15.0 can trigger a buffer overflow, with unspecified impact and unknown vectors in the public summary. NVD rates the issue 9.8 with a network-exploitable vector and no privileges or user interaction required.

CRITICAL Facebook CVE published 2017-02-17

CVE-2016-6870

CVE-2016-6870 is a critical memory-safety issue in Facebook HHVM’s mb_detect_encoding, mb_send_mail, and mb_detect_order functions. The public description says the flaw is an out-of-bounds write with unspecified impact, and NVD rates the issue as 9.8/CRITICAL. Systems running affected HHVM versions should be treated as high priority for patching.