CVE-2016-6873

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6873

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6873.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-6873

Downstream

UBUNTU-CVE-2016-6873

Published

2017-02-17T17:59:01Z

Modified

2025-09-19T08:32:38.018941Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type: GIT
Repo: https://github.com/facebook/hhvm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e264f04ae825a5d97758130cf8eec99862517e7e

Affected versions

HPHP-2.*

HPHP-2.1.0

gcc-4.*

gcc-4.6

Other

pre-hhvm

src-hphp

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2016-6873-02e50422",
            "digest": {
                "length": 303.0,
                "function_hash": "125610103184926962950582925333815305707"
            },
            "signature_type": "Function",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp",
                "function": "HHVM_FUNCTION"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        },
        {
            "id": "CVE-2016-6873-04b4ae07",
            "digest": {
                "length": 796.0,
                "function_hash": "85853746093120045721078706061501071445"
            },
            "signature_type": "Function",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp",
                "function": "php_array_merge_recursive"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        },
        {
            "id": "CVE-2016-6873-6f317480",
            "digest": {
                "length": 223.0,
                "function_hash": "146266446582745356990202896584287219025"
            },
            "signature_type": "Function",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp",
                "function": "couldRecur"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        },
        {
            "id": "CVE-2016-6873-7c3b86f0",
            "digest": {
                "length": 872.0,
                "function_hash": "328442204768296124416267005031122186472"
            },
            "signature_type": "Function",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp",
                "function": "php_array_replace_recursive"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        },
        {
            "id": "CVE-2016-6873-a91737e7",
            "digest": {
                "line_hashes": [
                    "97361547630027322574222647014124852281",
                    "78903862613093397262113004768607414511",
                    "76765149538626271068897607737099354073",
                    "321476246634189679197177953373852899976",
                    "248672525003541227847887461059484603905",
                    "195485375378949632513157155182160058284",
                    "71886400786605584585836567979641842149",
                    "338626650070849102615054970750623059441",
                    "86125372370983923170963321836882601909",
                    "289725860449185516231204320354585492073",
                    "257334469680627901587349474656674537328",
                    "154849570881591230381242151849890572849",
                    "326805423876088448169918127897408315408",
                    "337807628311309867437776118780534299514",
                    "312758995874743756866805394665251027946",
                    "98317148521411626441563381943965899622",
                    "39295752359109139992725667355539978079",
                    "101401039760345960202110396765246996862",
                    "217587960885088870813847440557907263039",
                    "229527666502967812146007611241585244051",
                    "15695188223898260009332610533408179547",
                    "75344745195936675426714391345725018353",
                    "126954964390694268661484508007218851362",
                    "272005485538011712676942871332506373561",
                    "287359401698848343517626337763810182055",
                    "238435803054599643781881065999149726119",
                    "136575586570090622231093315131856701782",
                    "87586029857131106200540775548874032624",
                    "272005485538011712676942871332506373561",
                    "287359401698848343517626337763810182055",
                    "238435803054599643781881065999149726119",
                    "136575586570090622231093315131856701782",
                    "87586029857131106200540775548874032624"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        },
        {
            "id": "CVE-2016-6873-d8b290bd",
            "digest": {
                "length": 355.0,
                "function_hash": "190016695376741468043394676901712689603"
            },
            "signature_type": "Function",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp",
                "function": "HHVM_FUNCTION"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        },
        {
            "id": "CVE-2016-6873-e16f98da",
            "digest": {
                "length": 437.0,
                "function_hash": "23110508029818134001336601187523389830"
            },
            "signature_type": "Function",
            "target": {
                "file": "hphp/runtime/ext/array/ext_array.cpp",
                "function": "compact"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e"
        }
    ]
}