CVE-2016-6870
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-6870
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6870.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-6870
- Downstream
- Published
- 2017-02-17T17:59:00Z
- Modified
- 2025-10-15T08:22:20.890451Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Out-of-bounds write in the (1) mbdetectencoding, (2) mbsendmail, and (3) mbdetectorder functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
- References
Affected packages
Git / github.com/facebook/hhvm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hhvm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"source": "https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2",
"target": {
"file": "hphp/runtime/ext/mbstring/ext_mbstring.cpp",
"function": "HHVM_FUNCTION"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "114867977983050212622086541014123241687",
"length": 743.0
},
"signature_type": "Function",
"id": "CVE-2016-6870-2353ec81"
},
{
"source": "https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2",
"target": {
"file": "hphp/runtime/ext/mbstring/ext_mbstring.cpp",
"function": "php_mb_parse_encoding_list"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "270621287774978279388612230843535800769",
"length": 2008.0
},
"signature_type": "Function",
"id": "CVE-2016-6870-2862bb51"
},
{
"source": "https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2",
"target": {
"file": "hphp/runtime/ext/mbstring/ext_mbstring.cpp",
"function": "HHVM_FUNCTION"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "175255850959260944074864044220242170057",
"length": 5763.0
},
"signature_type": "Function",
"id": "CVE-2016-6870-a8421221"
},
{
"source": "https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2",
"target": {
"file": "hphp/runtime/ext/mbstring/ext_mbstring.cpp"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"81291799294188044419548885898863677444",
"334129936753055698817279323363287062517",
"119278207352512672874726475502463482756",
"77651973085436656010384534963122412574",
"94884553628404518757678110093925819778",
"260785380391309779635231137551516188119",
"16843447221246167481018524247081160718",
"47178538942963173336066979426644628877",
"290236221207822939983104984779229590118",
"325851553724617011024362058007504376690",
"253125444924017764730328807985166328798",
"43704474159867741125858855596264482691",
"257196312143380971199354157581017246090",
"207855001147430909639613377775071193721",
"18470550886304385424830755752223850259",
"163682291015810480412958215389671555798",
"325753258617333112613492363063622703908",
"162295224490180534297809903294035776501",
"270516219035561687025897415853200029503",
"121730556713594639371123614625056346901",
"245562915012402172616228977174907929715",
"232957166942843570282427365708910162210",
"115405333803912561378260058027951784897",
"161551525406625399162954204231453110010",
"45057152956111871477337737351579440918",
"172731990688014598911404433934925413503",
"27182391788903601565610132609166556725",
"202054158224965658132069364185701956394"
]
},
"signature_type": "Line",
"id": "CVE-2016-6870-d413b750"
}
]