Unrated severityNVD Advisory· Published Dec 28, 2014· Updated May 6, 2026

CVE-2014-6229

Description

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.

Affected products

Facebook/Hiphop Virtual Machine
cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*
Range: <=3.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hhvm.com/blog/6239/hhvm-3-3-0nvdVendor Advisory
github.com/facebook/hhvm/commit/7135ec229882370a00411aa50030eada6034cc1bnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000