In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
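The bounds check whose absence the description above names, as an added C example (not HHVM's code): a seek routine for an in-memory stream that rejects any target position outside the buffer, plus a read that re-checks the same invariant. The `memstream` type, the `ms_*` functions and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>   /* SEEK_SET, SEEK_CUR, SEEK_END */
#include <string.h>

/* Hypothetical in-memory stream (illustrative; not HHVM's own type). */
typedef struct {
    const unsigned char *data;
    int64_t len;   /* bytes in data */
    int64_t pos;   /* invariant: 0 <= pos <= len */
} memstream;

/* Seek that refuses any target outside [0, len].
 * Returns 0 on success, -1 on rejection (pos is left unchanged). */
int ms_seek(memstream *s, int64_t off, int whence) {
    int64_t base;
    switch (whence) {
    case SEEK_SET: base = 0;      break;
    case SEEK_CUR: base = s->pos; break;
    case SEEK_END: base = s->len; break;
    default: return -1;
    }
    /* base is in [0, len], so neither comparison can overflow. */
    if (off < -base || off > s->len - base)
        return -1;
    s->pos = base + off;
    return 0;
}

/* Read up to n bytes; re-checks the invariant so a bad pos can never
 * become a read before or after the buffer. */
int64_t ms_read(memstream *s, void *out, int64_t n) {
    if (n < 0 || s->pos < 0 || s->pos > s->len)
        return -1;
    if (n > s->len - s->pos) n = s->len - s->pos;
    memcpy(out, s->data + s->pos, (size_t)n);
    s->pos += n;
    return n;
}

/* Constructed sample standing in for a decoded data URI body. */
static const unsigned char SAMPLE[] = "hello, world";

/* Seek on a fresh stream, then read one byte; -1 if either step fails. */
int ms_byte_at(int64_t off, int whence) {
    memstream s = { SAMPLE, (int64_t)sizeof SAMPLE - 1, 0 };
    unsigned char b;
    if (ms_seek(&s, off, whence) != 0 || ms_read(&s, &b, 1) != 1) return -1;
    return b;
}

int main(void) { printf("%d %d\n", ms_byte_at(-1, SEEK_END), ms_byte_at(-8, SEEK_SET)); return 0; }
```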
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hhvm | | * | 4.56.3 (excluding) |
Hhvm | | 4.57.0 (including) | 4.80.2 (excluding) |
Hhvm | | 4.81.0 (including) | 4.93.2 (excluding) |
Hhvm | | 4.94.0 (including) | 4.94.0 (including) |
Hhvm | | 4.95.0 (including) | 4.95.0 (including) |
Hhvm | | 4.96.0 (including) | 4.96.0 (including) |
Hhvm | | 4.97.0 (including) | 4.97.0 (including) |
Hhvm | | 4.98.0 (including) | 4.98.0 (including) |
Hhvm | Ubuntu | bionic | * |
Hhvm | Ubuntu | trusty | * |
Hhvm | Ubuntu | xenial | * |