Vulnerability in Facebook Folly

CVE-2018-6337

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly lib…

EPSS: 0.003 (50.9th percentile) — read the EPSS interpretation.

Affected products

Facebook Folly — versions v2018.08.09.00, v2017.12.11.00, unspecified
Facebook Hhvm — versions 3.26.3, 3.26.0, unspecified

Weakness classification (CWE)

CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer

References

hhvm.com/blog/2018/05/24/hhvm-3.26.3.html (x_refsource_MISC)
github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f (x_refsource_MISC)
github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8 (x_refsource_MISC)