VYPR
Unrated severityNVD Advisory· Published Jan 15, 2019· Updated Aug 5, 2024

CVE-2018-6345

CVE-2018-6345

Description

The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Facebook/Hhvmllm-fuzzy2 versions
    <=3.30.1, <=3.27.5+ 1 more
    • (no CPE)range: <=3.30.1, <=3.27.5
    • (no CPE)range: 3.30.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.