CVE-2022-36937

CVSS V2 None CVSS V3 None

Description

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.

Overview

CVE ID
CVE-2022-36937

Assigner
cve-assign@fb.com

Vulnerability Status
Received

Published Version
2023-05-10T19:15:08

Last Modified Date
2023-05-10T19:15:08

Weakness Enumerations

CWE	URL
CWE-1104	http://cwe.mitre.org/data/definitions/1104.html

References

Reference URL	Reference Tags
https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b
https://hhvm.com/blog/2023/01/20/security-update.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-36937
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36937

History

Created	Old Value	New Value	Data Type	Notes
2023-05-10 20:00:38				Added to TrackCVE
2023-05-10 20:00:43			Weakness Enumeration	new