UBUNTU-CVE-2018-6334

Source
https://ubuntu.com/security/CVE-2018-6334
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6334.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-6334
Related
Published
2018-12-31T19:29:00Z
Modified
2025-06-02T17:09:33Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).

References

Affected packages

Ubuntu:Pro:16.04:LTS / hhvm

Package

Name
hhvm
Purl
pkg:deb/ubuntu/hhvm@3.11.1+dfsg-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.11.0+dfsg-1
3.11.1+dfsg-1
3.11.1+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / hhvm

Package

Name
hhvm
Purl
pkg:deb/ubuntu/hhvm@3.21.0+dfsg-2ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.21.0+dfsg-2
3.21.0+dfsg-2build1
3.21.0+dfsg-2build2
3.21.0+dfsg-2build3
3.21.0+dfsg-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}