CVE-2016-6871
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-6871
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6871.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-6871
- Downstream
- Published
- 2017-02-17T17:59:01Z
- Modified
- 2025-10-21T03:57:27.614433Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
- References
Affected packages
Git / github.com/facebook/hhvm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hhvm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-0b331c51",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "290652294993044437498815282696683601091",
"length": 578.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-1b790feb",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"253159221038594340316946627249740422997",
"295290841193262324875431942476809336580",
"121582108857155097247852839779444846530",
"239426054336211894420624202896294570483",
"326273358384300427631933699950955893320",
"41375573707865293953976172497561792714",
"68107062390883565194292216948842494314",
"184098568624939456191311051078393034036",
"174894786771894492628587345230775220459",
"41375573707865293953976172497561792714",
"68107062390883565194292216948842494314",
"303371837087976327390698824295512751861",
"272886966704609328325797402315769219250",
"163590927529425796944713188382683103527",
"6065879853533643817165950128811941896",
"129655904683196468341761668395986965175",
"190382348583453979623715105440885883130",
"41375573707865293953976172497561792714",
"68107062390883565194292216948842494314",
"1429370554808472164479825531531286032",
"195428294409524530601503078344311799075",
"41375573707865293953976172497561792714",
"68107062390883565194292216948842494314",
"175499983453972587934916045304018162771",
"11560307628497904330242991938338224140",
"41375573707865293953976172497561792714",
"68107062390883565194292216948842494314",
"5612060715541647020394346792901373576",
"226219123561539194331122269998991535358",
"185780481332141420753025964462918907368",
"153910343728692601594747916616039611952",
"147919111828143267567736167005352424122",
"3847189293687289710155025183554965719",
"157335727755452852421338947523393548306",
"33520007249180633328073073681401438234"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-4d43e18e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "65974793349190789194175696737385028005",
"length": 737.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-5d7d0d5a",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "47624583904877174098175126377658873539",
"length": 418.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-5f9310ab",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "333778573128157769872095394264741462850",
"length": 561.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-6a0f7eb7",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "333778573128157769872095394264741462850",
"length": 561.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-9f42c0cd",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "218916687985761449035907908036255338827",
"length": 591.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-ce2ce471",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "321411994411517168529569387227986923099",
"length": 484.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"target": {
"function": "HHVM_FUNCTION",
"file": "hphp/runtime/ext/bcmath/ext_bcmath.cpp"
},
"id": "CVE-2016-6871-d87b0060",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "333778573128157769872095394264741462850",
"length": 561.0
},
"signature_type": "Function"
}
]