CVE-2016-6873

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6873

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6873.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-6873

Downstream

UBUNTU-CVE-2016-6873

Published

2017-02-17T17:59:01Z

Modified

2025-10-15T08:22:38.816850Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type: GIT
Repo: https://github.com/facebook/hhvm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e264f04ae825a5d97758130cf8eec99862517e7e

Affected versions

HPHP-2.*

HPHP-2.1.0

gcc-4.*

gcc-4.6

Other

pre-hhvm

src-hphp

Database specific

vanir_signatures

[
    {
        "id": "CVE-2016-6873-02e50422",
        "signature_type": "Function",
        "target": {
            "function": "HHVM_FUNCTION",
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "length": 303.0,
            "function_hash": "125610103184926962950582925333815305707"
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2016-6873-04b4ae07",
        "signature_type": "Function",
        "target": {
            "function": "php_array_merge_recursive",
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "length": 796.0,
            "function_hash": "85853746093120045721078706061501071445"
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2016-6873-6f317480",
        "signature_type": "Function",
        "target": {
            "function": "couldRecur",
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "length": 223.0,
            "function_hash": "146266446582745356990202896584287219025"
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2016-6873-7c3b86f0",
        "signature_type": "Function",
        "target": {
            "function": "php_array_replace_recursive",
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "length": 872.0,
            "function_hash": "328442204768296124416267005031122186472"
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2016-6873-a91737e7",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "line_hashes": [
                "97361547630027322574222647014124852281",
                "78903862613093397262113004768607414511",
                "76765149538626271068897607737099354073",
                "321476246634189679197177953373852899976",
                "248672525003541227847887461059484603905",
                "195485375378949632513157155182160058284",
                "71886400786605584585836567979641842149",
                "338626650070849102615054970750623059441",
                "86125372370983923170963321836882601909",
                "289725860449185516231204320354585492073",
                "257334469680627901587349474656674537328",
                "154849570881591230381242151849890572849",
                "326805423876088448169918127897408315408",
                "337807628311309867437776118780534299514",
                "312758995874743756866805394665251027946",
                "98317148521411626441563381943965899622",
                "39295752359109139992725667355539978079",
                "101401039760345960202110396765246996862",
                "217587960885088870813847440557907263039",
                "229527666502967812146007611241585244051",
                "15695188223898260009332610533408179547",
                "75344745195936675426714391345725018353",
                "126954964390694268661484508007218851362",
                "272005485538011712676942871332506373561",
                "287359401698848343517626337763810182055",
                "238435803054599643781881065999149726119",
                "136575586570090622231093315131856701782",
                "87586029857131106200540775548874032624",
                "272005485538011712676942871332506373561",
                "287359401698848343517626337763810182055",
                "238435803054599643781881065999149726119",
                "136575586570090622231093315131856701782",
                "87586029857131106200540775548874032624"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2016-6873-d8b290bd",
        "signature_type": "Function",
        "target": {
            "function": "HHVM_FUNCTION",
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "length": 355.0,
            "function_hash": "190016695376741468043394676901712689603"
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2016-6873-e16f98da",
        "signature_type": "Function",
        "target": {
            "function": "compact",
            "file": "hphp/runtime/ext/array/ext_array.cpp"
        },
        "digest": {
            "length": 437.0,
            "function_hash": "23110508029818134001336601187523389830"
        },
        "source": "https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e",
        "signature_version": "v1",
        "deprecated": false
    }
]