CVE-2020-1892

Summary

Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

Affected Software

VendorProductVersion RangeStatus
FacebookHHVM4.45.1affected
FacebookHHVM4.45.0affected
FacebookHHVM4.44.1affected
FacebookHHVM4.44.0affected
FacebookHHVM4.43.1affected
FacebookHHVM4.43.0affected
FacebookHHVM4.42.1affected
FacebookHHVM4.42.0affected
FacebookHHVM4.41.1affected
FacebookHHVM4.41.0affected
FacebookHHVM4.40.1affected
FacebookHHVM4.40.0affected
FacebookHHVM4.39.1affected
FacebookHHVM4.39.0affected
FacebookHHVM4.38.1affected
FacebookHHVM4.33.0 < unspecifiedaffected
FacebookHHVM4.32.1affected
FacebookHHVM4.9.0 < unspecifiedaffected
FacebookHHVM4.8.7affected
FacebookHHVMunspecified <= 4.8.6affected

Weaknesses

  • CWE-125: Out-of-bounds Read (CWE-125)

ADP Enrichment

CVE Program Container

Additional References

References