A vulnerability in HHVM versions 3.30.1, 3.30.0, and 3.27.5 allows an out-of-bounds read when the Memcache::getextendedstats function is used.
Understanding CVE-2018-6340
This CVE affects HHVM, a virtual machine designed for executing programs written in Hack and PHP.
What is CVE-2018-6340?
The vulnerability in HHVM versions 3.30.1, 3.30.0, and 3.27.5 enables an out-of-bounds read through the Memcache::getextendedstats function. Successful exploitation requires control over the memcached server hostnames and/or ports that the function operates on.
The Impact of CVE-2018-6340
This security issue affects all supported versions of HHVM, including 3.30, 3.27.4, and earlier releases.
Technical Details of CVE-2018-6340
HHVM vulnerability details and affected systems.
Vulnerability Description
The vulnerability allows an attacker to trigger an out-of-bounds read through the Memcache::getextendedstats function.
Affected Systems and Versions
HHVM versions 3.30.1, 3.30.0, and 3.27.5 are listed as affected, along with all supported versions including 3.30, 3.27.4, and earlier releases.
Exploitation Mechanism
To exploit this vulnerability, an attacker needs to control the hostnames and/or ports of the memcached server that Memcache::getextendedstats is invoked against.
Mitigation and Prevention
Steps to mitigate and prevent exploitation of CVE-2018-6340.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Apply HHVM security patches and updates promptly to address this vulnerability, and verify that deployed instances are no longer running an affected version.