CVE-2022-36937

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-36937

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36937.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-36937

Downstream

UBUNTU-CVE-2022-36937

Published

2023-05-10T19:15:08.627Z

Modified

2026-02-12T00:52:49.952411Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3.

Applications that call streamsocketserver or streamsocketclient functions with a URL starting with tls:// are affected.

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type: GIT
Repo: https://github.com/facebook/hhvm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

083f5ffdee661f61512909d16f9a5b98cff3cf0b

Introduced

5b3b1374102a07857d4c4932749dd9dd79c6f858

Fixed

268f75e53fe151332273129ea5a42221481a1f39

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36937.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/268f75e53fe151332273129ea5a42221481a1f39",
        "digest": {
            "line_hashes": [
                "24010530632907002648307216837318941548",
                "176589688183826310668867365706255585068",
                "113334605668934533256516010032469343227",
                "140335216194151808759673220052749435881"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-36937-bf84c15a",
        "target": {
            "file": "hphp/runtime/version.h"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b",
        "digest": {
            "line_hashes": [
                "36602799550260798061553787771962267258",
                "234250307083079915383381505626977248964",
                "141775178956513107259480719217835169561",
                "336514913396938612912909103171505825356",
                "330417911054254029542996090058208042825",
                "260952900214024683889878870712603392034",
                "324722174129089817777404461533680265865",
                "203923956049788163969299205761962759813"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-36937-d51c1ad0",
        "target": {
            "file": "hphp/runtime/base/ssl-socket.cpp"
        }
    }
]