CVE-2020-1888
N/A
N/A
Summary
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HHVM | 4.45.1 | affected | |
| HHVM | 4.45.0 | affected | |
| HHVM | 4.44.1 | affected | |
| HHVM | 4.44.0 | affected | |
| HHVM | 4.43.1 | affected | |
| HHVM | 4.43.0 | affected | |
| HHVM | 4.42.1 | affected | |
| HHVM | 4.42.0 | affected | |
| HHVM | 4.41.1 | affected | |
| HHVM | 4.41.0 | affected | |
| HHVM | 4.40.1 | affected | |
| HHVM | 4.40.0 | affected | |
| HHVM | 4.39.1 | affected | |
| HHVM | 4.39.0 | affected | |
| HHVM | 4.38.1 | affected | |
| HHVM | 4.33.0 < unspecified | affected | |
| HHVM | 4.32.1 | affected | |
| HHVM | 4.9.0 < unspecified | affected | |
| HHVM | 4.8.7 | affected | |
| HHVM | unspecified <= 4.8.6 | affected |
Weaknesses
- CWE-125: Out-of-bounds Read (CWE-125)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13
- https://hhvm.com/blog/2020/02/20/security-update.html
References
- https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13
- https://hhvm.com/blog/2020/02/20/security-update.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.