CVE-2020-1888

Summary

Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

Affected Software

VendorProductVersion RangeStatus
FacebookHHVM4.45.1affected
FacebookHHVM4.45.0affected
FacebookHHVM4.44.1affected
FacebookHHVM4.44.0affected
FacebookHHVM4.43.1affected
FacebookHHVM4.43.0affected
FacebookHHVM4.42.1affected
FacebookHHVM4.42.0affected
FacebookHHVM4.41.1affected
FacebookHHVM4.41.0affected
FacebookHHVM4.40.1affected
FacebookHHVM4.40.0affected
FacebookHHVM4.39.1affected
FacebookHHVM4.39.0affected
FacebookHHVM4.38.1affected
FacebookHHVM4.33.0 < unspecifiedaffected
FacebookHHVM4.32.1affected
FacebookHHVM4.9.0 < unspecifiedaffected
FacebookHHVM4.8.7affected
FacebookHHVMunspecified <= 4.8.6affected

Weaknesses

  • CWE-125: Out-of-bounds Read (CWE-125)

ADP Enrichment

CVE Program Container

Additional References

References